Miggo Logo

CVE-2022-33064: An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a...

7.8

CVSS Score
3.1

Basic Information

EPSS Score
0.04404%
Published
7/18/2023
Updated
4/4/2024
KEV Status
No
Technology
-

Technical Details

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability description, GitHub issue #832, and the commit message of the fixing commit (05f9978772747cf951a755497b03ebb26909f739) all explicitly name wav_read_header in src/wav.c as the location of the off-by-one error. The issue report provides runtime sanitizer output showing an out-of-bounds access related to 'SF_CUE_POINT' within this function. Although the patch details could not be fetched, the available information is sufficient to identify the vulnerable function with high confidence. The confidence is high due to the direct naming of the function and file in multiple reliable sources related to the vulnerability report and its fix.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n o**-*y-on* *rror in *un*tion w*v_r***_*****r in sr*/w*v.* in Li*sn**il* *.*.*, r*sults in * writ* out o* *oun*, w*i** *llows *n *tt**k*r to *x**ut* *r*itr*ry *o**, **ni*l o* S*rvi** or ot**r unsp**i*i** imp**ts.

Reasoning

T** vuln*r**ility **s*ription, *it*u* issu* #***, *n* t** *ommit m*ss*** o* t** *ixin* *ommit (****************************************) *ll *xpli*itly n*m* `w*v_r***_*****r` in `sr*/w*v.*` *s t** lo**tion o* t** o**-*y-on* *rror. T** issu* r*port pr