Out-of-bounds Read in libsndfile

Do your applications use this vulnerable package? Test your applications

Overview

Affected versions of this package are vulnerable to Out-of-bounds Read. It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.

Remediation

Upgrade libsndfile to version or higher.

References

CVE Details
Debian Security Tracker
GENTOO
GitHub Issue
GitHub PR
MLIST
RedHat Bugzilla Bug
Ubuntu CVE Tracker
Ubuntu Security Advisory

Attack Vector

Local
Attack Complexity

Low
Privileges Required

Low
User Interaction

Required
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2019-3832
CWE: CWE-125
Snyk ID: SNYK-DEBIAN9-LIBSNDFILE-602803
Disclosed: 21 Mar, 2019
Published: 15 Feb, 2019

Out-of-bounds Read
Affecting libsndfile package, versions <1.0.27-3+deb9u1

Overview

Remediation

References

CVSS Score

Out-of-bounds Read Affecting libsndfile package, versions <1.0.27-3+deb9u1

Overview

Remediation

References

Out-of-bounds Read
Affecting libsndfile package, versions <1.0.27-3+deb9u1