Vulnerability CVE-2018-19662: Information

Description

An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service.

Severity: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-19662
Published: Nov. 29, 2018
Modified: Oct. 29, 2020
Error type identifier: CWE-125

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
libsndfilesisyphus1.0.30-alt11.1.0-alt1ALT-PU-2020-3449-1262878Fixed
libsndfilep101.0.30-alt11.1.0-alt1ALT-PU-2020-3449-1262878Fixed
libsndfilep91.0.30-alt21.0.30-alt2ALT-PU-2020-3469-1262916Fixed
libsndfilec10f11.0.30-alt11.1.0-alt1ALT-PU-2020-3449-1262878Fixed
libsndfilec9f21.0.30-alt21.0.30-alt2ALT-PU-2021-2149-1276679Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/erikd/libsndfile/issues/429
  • Exploit
  • Patch
  • Third Party Advisory
[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update
  • Mailing List
  • Third Party Advisory
USN-4013-1
    [debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update

        1. Configuration 1

          cpe:2.3:a:libsndfile_project:libsndfile:1.0.28:*:*:*:*:*:*:*

          Configuration 2

          cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
      VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
      Version: v24.4.2
      Back to top