| Name | CVE-2022-33064 |
| Description | An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Non-issue in libsndfile; was also filed as bug #1051890
https://github.com/libsndfile/libsndfile/issues/832
Upstream disputes issue as possible false-positive:
https://github.com/libsndfile/libsndfile/issues/832#issuecomment-1702253852 ff