CVE-2018-13419 — Missing Release of Resource after Effective Lifetime in Project Libsndfile

CWE-772 — Missing Release of Resource after Effective Lifetime CWE-400 — Uncontrolled Resource Consumption8 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 53.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libsndfile Project Libsndfile Msrc CBL Mariner 1.0 ARM Msrc CBL Mariner 1.0 X64 +1 more

Timeline

PublishedJul 7

Latest updateMay 13

Description

An issue has been found in libsndfile 1.0.28. There is a memory leak in psf_allocate in common.c, as demonstrated by sndfile-convert. NOTE: The maintainer and third parties were unable to reproduce and closed the issue

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDlibsndfile_project/libsndfile1.0.28

▶msrcmsrc/cm1_libsndfile_1.0.31-1_on_cbl_mariner_1.0

▶msrcmsrc/cbl_mariner_1.0_arm

▶msrcmsrc/cbl_mariner_1.0_x64

🔴Vulnerability Details

GHSA

GHSA-c7f3-369m-6pwp: ** DISPUTED ** An issue has been found in libsndfile 1↗2022-05-13

▶

OSV

CVE-2018-13419: An issue has been found in libsndfile 1↗2018-07-07

▶

CVEList

CVE-2018-13419: An issue has been found in libsndfile 1↗2018-07-07

▶

📋Vendor Advisories

Microsoft

An issue has been found in libsndfile 1.0.28. There is a memory leak in psf_allocate in common.c as demonstrated by sndfile-convert. NOTE: The maintainer and third parties were unable to reproduce and↗2018-07-10

▶

Red Hat

libsndfile: Memory leak in common.c:psf_allocate()↗2018-07-05

▶

💬Community

Bugzilla

CVE-2018-13419 libsndfile: Memory leak in common.c:psf_allocate() [fedora-all]↗2018-07-09

▶

Bugzilla

CVE-2018-13419 libsndfile: Memory leak in common.c:psf_allocate()↗2018-07-09

▶