CVE-2021-3756

9.8 CRITICAL

📋 TL;DR

CVE-2021-3756 is a heap-based buffer overflow vulnerability in libmysofa, a library for reading HRTF (Head-Related Transfer Function) SOFA files. Attackers can exploit this by providing specially crafted SOFA files, potentially leading to arbitrary code execution. Any application using vulnerable versions of libmysofa to process untrusted SOFA files is affected.

💻 Affected Systems

Products:
  • libmysofa
Versions: all versions before commit 890400ebd092c574707d0c132124f8ff047e20e1
Operating Systems: Linux, Windows, macOS, BSD
Default Config Vulnerable: ⚠️ Yes
Notes: Any application linking against vulnerable libmysofa versions and processing SOFA files is vulnerable.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the application using libmysofa, potentially leading to complete system compromise.

🟠 Likely Case

Application crash (denial of service) or limited code execution depending on exploit reliability and memory protections.

🟢 If Mitigated

Application crash with ASLR/DEP/stack canaries preventing reliable exploitation.

🌐 Internet-Facing: MEDIUM - Risk depends on whether the application processes untrusted SOFA files from external sources.
🏢 Internal Only: LOW - Typically used in audio processing applications that handle controlled files.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploit requires crafting malicious SOFA files; public PoC exists in bounty reports.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit 890400ebd092c574707d0c132124f8ff047e20e1 or later

Vendor Advisory: https://github.com/hoene/libmysofa/commit/890400ebd092c574707d0c132124f8ff047e20e1

Restart Required: Yes

Instructions:

1. Update libmysofa to a build that includes commit 890400ebd092c574707d0c132124f8ff047e20e1.
2. Recompile applications that link against libmysofa.
3. Restart affected services.

🔧 Temporary Workarounds

Disable SOFA file processing

Applies to: all

Prevent applications from processing SOFA files if not required; configure applications to reject SOFA file inputs.

🧯 If You Can't Patch

  • Implement strict input validation for SOFA files
  • Run applications with minimal privileges and memory protection controls

🔍 How to Verify

Check if Vulnerable:

Check the installed libmysofa version or commit hash against the vulnerable range. Because the fix is identified by a commit rather than a tagged release, a package version number alone may not be conclusive; confirm that the packaged source or changelog includes the commit.

Check Version:

ldconfig -p | grep libmysofa, or query the package manager (e.g. rpm -q libmysofa)

Verify Fix Applied:

Verify libmysofa version includes commit 890400ebd092c574707d0c132124f8ff047e20e1.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing SOFA files
  • Memory access violation errors

Network Indicators:

  • Unusual SOFA file transfers to applications

SIEM Query:

Process crashes with libmysofa in stack trace OR file creation/modification of .sofa files
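As an added example that is not part of this advisory, the log indicator above turned into a check over constructed Linux kernel segfault lines (process names, addresses and library file names are made up; the parser assumes the standard kernel "segfault at ... error N in <object>" message format as seen in dmesg or journald):

```python
import re
from collections import Counter

# Constructed sample lines (not from the advisory) in the Linux kernel
# "segfault" message format (dmesg/journald): two crashes inside libmysofa's
# shared object, one unrelated program crash, and one line of noise.
SAMPLE_LOGS = [
    "kernel: audio-render[2143]: segfault at 7f3c9e4a1000 ip 00007f3ca1b2c4d0 "
    "sp 00007ffd2e1c3a40 error 4 in libmysofa.so.1.1.0[7f3ca1b20000+20000]",
    "kernel: audio-render[2198]: segfault at 7f1b0c0b8ff8 ip 00007f1b0c0a5e10 "
    "sp 00007ffcd00a1b30 error 6 in libmysofa.so.1[7f1b0c09c000+1c000]",
    "kernel: browser[1001]: segfault at 10 ip 000055d1a3b0f2a0 "
    "sp 00007ffe1c4f7d80 error 4 in browser[55d1a3a00000+400000]",
    "systemd[1]: Started Session 12 of user alice.",
]

SEGFAULT_RE = re.compile(
    r"(?P<proc>[\w.+-]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+) "
    r"in (?P<obj>[^\[]+)\["
)

def find_libmysofa_crashes(lines):
    """Return one record per segfault whose faulting object is libmysofa.

    The kernel's error code is the x86 page-fault code: bit 1 set means the
    faulting access was a write, the pattern a heap overflow produces when it
    runs past the end of an allocation; bit 0 clear means the page was unmapped.
    """
    hits = []
    for line in lines:
        m = SEGFAULT_RE.search(line)
        if not m or not m.group("obj").startswith("libmysofa"):
            continue
        err = int(m.group("err"))
        hits.append({
            "proc": m.group("proc"),
            "pid": int(m.group("pid")),
            "object": m.group("obj"),
            "access": "write" if err & 2 else "read",
            "unmapped": not (err & 1),
        })
    return hits

def crash_counts_by_process(hits):
    """Count libmysofa crashes per process name: repeated crashes from the
    same program are a stronger indicator than a single one."""
    return Counter(h["proc"] for h in hits)
```

Feed `find_libmysofa_crashes` the kernel log lines from your collector; a write fault inside libmysofa from the same process more than once is the case worth escalating.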
