CVE-2018-19432NULL Pointer Dereference in Libsndfile

CWE-476NULL Pointer DereferenceCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer11 documents8 sources
Severity
6.5MEDIUMNVD
OSV9.8
EPSS
1.0%
top 23.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Libsndfile Project LibsndfileDebian LibsndfileDebian Linux+3 more
Timeline
PublishedNov 22
Latest updateMay 14

Description

An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages7 packages

debiandebian/libsndfile< libsndfile 1.0.28-5 (bookworm)
Debianlibsndfile_project/libsndfile< 1.0.28-5+3
Ubuntulibsndfile_project/libsndfile< 1.0.25-10ubuntu0.16.04.3+1

Also affects: Debian Linux 8.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-qcq5-35c7-7hvw: An issue was discovered in libsndfile 12022-05-14
OSV
libsndfile vulnerabilities2021-01-26
OSV
CVE-2018-19432: An issue was discovered in libsndfile 12018-11-22

📋Vendor Advisories

5
Ubuntu
libsndfile vulnerabilities2021-01-26
Ubuntu
libsndfile vulnerabilities2019-06-10
Red Hat
libsndfile: OOB read in sf_write_int in sndfile.c2018-11-22
Microsoft
An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c which will lead to a denial of service.2018-11-13
Debian
CVE-2018-19432: libsndfile - An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereferenc...2018

💬Community

2
Bugzilla
CVE-2018-19432 libsndfile: OOB read in sf_write_int in sndfile.c [fedora-all]2018-11-22
Bugzilla
CVE-2018-19432 libsndfile: OOB read in sf_write_int in sndfile.c2018-11-22