CVE-2018-19661Out-of-bounds Read in Libsndfile

CWE-125Out-of-bounds ReadCWE-190Integer Overflow or Wraparound12 documents9 sources
Severity
6.5MEDIUMNVD
OSV9.8
EPSS
0.9%
top 23.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Libsndfile Project LibsndfileDebian LibsndfileDebian Linux+3 more
Timeline
PublishedNov 29
Latest updateMay 13

Description

An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages7 packages

debiandebian/libsndfile< libsndfile 1.0.28-5 (bookworm)
Debianlibsndfile_project/libsndfile< 1.0.28-5+3
Ubuntulibsndfile_project/libsndfile< 1.0.25-10ubuntu0.16.04.3+1

Also affects: Debian Linux 8.0

🔴Vulnerability Details

4
GHSA
GHSA-xh77-pf23-wpw7: An issue was discovered in libsndfile 12022-05-13
OSV
libsndfile vulnerabilities2021-01-26
OSV
CVE-2018-19661: An issue was discovered in libsndfile 12018-11-29
CVEList
CVE-2018-19661: An issue was discovered in libsndfile 12018-11-29

📋Vendor Advisories

5
Ubuntu
libsndfile vulnerabilities2021-01-26
Ubuntu
libsndfile vulnerabilities2019-06-10
Red Hat
libsndfile: buffer over-read in the function i2ulaw_array in ulaw.c2018-11-27
Microsoft
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service.2018-11-13
Debian
CVE-2018-19661: libsndfile - An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the...2018

💬Community

2
Bugzilla
CVE-2018-19661 libsndfile: buffer over-read in the function i2ulaw_array in ulaw.c2018-12-14
Bugzilla
CVE-2018-19661 libsndfile: buffer over-read in the function i2ulaw_array in ulaw.c [fedora-all]2018-12-14