CVE-2018-19662Out-of-bounds Read in Libsndfile

CWE-125Out-of-bounds ReadCWE-190Integer Overflow or Wraparound12 documents9 sources
Severity
8.1HIGHNVD
OSV9.8
EPSS
0.7%
top 27.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Libsndfile Project LibsndfileDebian LibsndfileDebian Linux+3 more
Timeline
PublishedNov 29
Latest updateMay 13

Description

An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages7 packages

debiandebian/libsndfile< libsndfile 1.0.28-5 (bookworm)
Debianlibsndfile_project/libsndfile< 1.0.28-5+3
Ubuntulibsndfile_project/libsndfile< 1.0.25-10ubuntu0.16.04.3+1

Also affects: Debian Linux 8.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

4
GHSA
GHSA-2pw9-xw4m-4w44: An issue was discovered in libsndfile 12022-05-13
OSV
libsndfile vulnerabilities2021-01-26
OSV
CVE-2018-19662: An issue was discovered in libsndfile 12018-11-29
CVEList
CVE-2018-19662: An issue was discovered in libsndfile 12018-11-29

📋Vendor Advisories

5
Ubuntu
libsndfile vulnerabilities2021-01-26
Ubuntu
libsndfile vulnerabilities2019-06-10
Red Hat
libsndfile: buffer over-read in the function i2alaw_array in alaw.c2018-11-27
Microsoft
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service.2018-11-13
Debian
CVE-2018-19662: libsndfile - An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the...2018

💬Community

2
Bugzilla
CVE-2018-19662 libsndfile: buffer over-read in the function i2alaw_array in alaw.c2018-12-14
Bugzilla
CVE-2018-19662 libsndfile: buffer over-read in the function i2alaw_array in alaw.c [fedora-all]2018-12-14