CVE-2018-19758
published 2018-11-30CVE-2018-19758: There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.
PriorityP426medium6.5CVSS 3.0
AVNACLPRNUIRSUCNINAH
EPSS
1.69%
74.2th percentile
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | libsndfile | < libsndfile 1.0.28-5 (bookworm) | libsndfile 1.0.28-5 (bookworm) |
| debian | libsndfile | < libsndfile 1.0.28-6 (bookworm) | libsndfile 1.0.28-6 (bookworm) |
| libsndfile_project | libsndfile | — | — |
| libsndfile_project | libsndfile | >= 0 < 1.0.28-6 | 1.0.28-6 |
| libsndfile_project | libsndfile | >= 0 < 1.0.28-5 | 1.0.28-5 |
| libsndfile_project | libsndfile | >= 0 < 1.0.28-6 | 1.0.28-6 |
| libsndfile_project | libsndfile | >= 0 < 1.0.28-5 | 1.0.28-5 |
| libsndfile_project | libsndfile | >= 0 < 1.0.28-6 | 1.0.28-6 |
| libsndfile_project | libsndfile | >= 0 < 1.0.28-5 | 1.0.28-5 |
| libsndfile_project | libsndfile | >= 0 < 1.0.28-6 | 1.0.28-6 |
| libsndfile_project | libsndfile | >= 0 < 1.0.28-5 | 1.0.28-5 |
| libsndfile_project | libsndfile | >= 0 < 1.0.25-10ubuntu0.16.04.3 | 1.0.25-10ubuntu0.16.04.3 |
| libsndfile_project | libsndfile | >= 0 < 1.0.25-7ubuntu2.2+esm1 | 1.0.25-7ubuntu2.2+esm1 |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cm1_libsndfile_1.0.31-1_on_cbl_mariner_1.0 | — | — |
CVSS provenance
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv9.8CRITICAL
vendor_ubuntu9.8CRITICAL
vendor_debian6.5MEDIUM
vendor_msrc6.5MEDIUM
vendor_redhat6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-cj6v-7q57-mrf3: It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header()
ghsa_unreviewed·2022-05-13·CVSS 6.5
CVE-2019-3832 [MEDIUM] CWE-125 GHSA-cj6v-7q57-mrf3: It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header()
It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.
GHSA
GHSA-4jqr-pr36-m28w: There is a heap-based buffer over-read at wav
ghsa_unreviewed·2022-05-13
CVE-2018-19758 [MEDIUM] CWE-125 GHSA-4jqr-pr36-m28w: There is a heap-based buffer over-read at wav
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.
OSV
libsndfile vulnerabilities
osv·2021-01-26·CVSS 9.8
CVE-2017-12562 [CRITICAL] libsndfile vulnerabilities
libsndfile vulnerabilities
It was discovered that libsndfile incorrectly handled certain malformed
files. A remote attacker could use this issue to cause libsndfile to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2017-12562)
It was discovered that libsndfile incorrectly handled certain malformed
files. A remote attacker could use this issue to cause libsndfile to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 14.04 ESM. (CVE-2017-14245,
CVE-2017-14246, CVE-2017-14634, CVE-2017-16942, CVE-2017-6892,
CVE-2018-13139, CVE-2018-19432, CVE-2018-19661, CVE-2018-19662,
CVE-2018-19758, CVE-2019-3832)
OSV
CVE-2019-3832: It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header()
osv·2019-03-21·CVSS 6.5
CVE-2019-3832 [MEDIUM] CVE-2019-3832: It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header()
It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.
OSV
CVE-2018-19758: There is a heap-based buffer over-read at wav
osv·2018-11-30·CVSS 6.5
CVE-2018-19758 [MEDIUM] CVE-2018-19758: There is a heap-based buffer over-read at wav
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.
Ubuntu
libsndfile vulnerabilities
vendor_ubuntu·2021-01-26·CVSS 9.8
CVE-2017-12562 [CRITICAL] libsndfile vulnerabilities
Title: libsndfile vulnerabilities
Summary: Several security issues were fixed in libsndfile.
It was discovered that libsndfile incorrectly handled certain malformed
files. A remote attacker could use this issue to cause libsndfile to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2017-12562)
It was discovered that libsndfile incorrectly handled certain malformed
files. A remote attacker could use this issue to cause libsndfile to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 14.04 ESM. (CVE-2017-14245,
CVE-2017-14246, CVE-2017-14634, CVE-2017-16942, CVE-2017-6892,
CVE-2018-13139, CVE-2018-19432, CVE-2018-19661, CVE-2018-19662,
CVE-2018-19758, CVE-2019-3832)
Instructions: After a standard s
Ubuntu
libsndfile vulnerabilities
vendor_ubuntu·2019-06-10
CVE-2017-14245 libsndfile vulnerabilities
Title: libsndfile vulnerabilities
Summary: Several security issues were fixed in libsndfile.
It was discovered that libsndfile incorrectly handled certain malformed
files. A remote attacker could use this issue to cause libsndfile to crash,
resulting in a denial of service, or possibly execute arbitrary code.
Instructions: After a standard system update you need to restart your session to make all
the necessary changes.
Microsoft
It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this
vendor_msrc·2019-03-12·CVSS 5.0
CVE-2019-3832 [MEDIUM] CWE-125 It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this
It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional product
Red Hat
libsndfile: incomplete fix for CVE-2018-19758 still allow to read beyond buffer limits
vendor_redhat·2019-02-07·CVSS 6.5
CVE-2019-3832 [MEDIUM] CWE-125 libsndfile: incomplete fix for CVE-2018-19758 still allow to read beyond buffer limits
libsndfile: incomplete fix for CVE-2018-19758 still allow to read beyond buffer limits
It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.
It was discovered the fix for CVE-2018-19758 was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.
Package: libsndfile (Red Hat Enterprise Linux 6) - Will not fix
Package: libsndfile (Red Hat Enterprise Linux 7) - Fix deferred
Package: libsndfile (Red Hat Enterprise Linux 8) - Fix deferred
Debian
CVE-2019-3832: libsndfile - It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and s...
vendor_debian·2019·CVSS 6.5
CVE-2019-3832 [MEDIUM] CVE-2019-3832: libsndfile - It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and s...
It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.
Scope: local
bookworm: resolved (fixed in 1.0.28-6)
bullseye: resolved (fixed in 1.0.28-6)
forky: resolved (fixed in 1.0.28-6)
sid: resolved (fixed in 1.0.28-6)
trixie: resolved (fixed in 1.0.28-6)
Microsoft
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.
vendor_msrc·2018-11-13·CVSS 6.5
CVE-2018-19758 [MEDIUM] CWE-125 There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
mitre: mitre
Customer Action Requ
Red Hat
libsndfile: heap-based buffer over-read at wav.c in wav_write_header
vendor_redhat·2018-10-29·CVSS 6.5
CVE-2018-19758 [MEDIUM] CWE-125 libsndfile: heap-based buffer over-read at wav.c in wav_write_header
libsndfile: heap-based buffer over-read at wav.c in wav_write_header
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.
Package: libsndfile (Red Hat Enterprise Linux 6) - Will not fix
Package: libsndfile (Red Hat Enterprise Linux 7) - Fix deferred
Package: libsndfile (Red Hat Enterprise Linux 8) - Fix deferred
Debian
CVE-2018-19758: libsndfile - There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfil...
vendor_debian·2018·CVSS 6.5
CVE-2018-19758 [MEDIUM] CVE-2018-19758: libsndfile - There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfil...
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.
Scope: local
bookworm: resolved (fixed in 1.0.28-5)
bullseye: resolved (fixed in 1.0.28-5)
forky: resolved (fixed in 1.0.28-5)
sid: resolved (fixed in 1.0.28-5)
trixie: resolved (fixed in 1.0.28-5)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-3832 libsndfile: incomplete fix for CVE-2018-19758 still allow to read beyond buffer limits
bugzilla·2019-02-14·CVSS 6.5
CVE-2019-3832 [MEDIUM] CVE-2019-3832 libsndfile: incomplete fix for CVE-2018-19758 still allow to read beyond buffer limits
CVE-2019-3832 libsndfile: incomplete fix for CVE-2018-19758 still allow to read beyond buffer limits
It was discovered the fix for CVE-2018-19758 is not complete and it still allows to read beyond the limit of the buffer in function wav_write_header() in wav.c. Function wav_write_header() iterates through the `loops` array for an amount of times read from the file itself. However, this value is not correctly checked and the library can read beyond the limits of the `loops` array, possibly making the application crash.
Upstream issue:
https://github.com/erikd/libsndfile/issues/456#issuecomment-463542436
Discussion:
Acknowledgments:
Name: Riccardo Schirone (Red Hat)
---
Created libsndfile tracking bugs for this issue:
Affects: fedora-all [bug 1677219]
---
A PR has been submitted up
Bugzilla
CVE-2019-3832 libsndfile: incomplete fix for CVE-2018-19758 still allow to read beyond buffer limits [fedora-all]
bugzilla·2019-02-14·CVSS 6.5
CVE-2019-3832 [MEDIUM] CVE-2019-3832 libsndfile: incomplete fix for CVE-2018-19758 still allow to read beyond buffer limits [fedora-all]
CVE-2019-3832 libsndfile: incomplete fix for CVE-2018-19758 still allow to read beyond buffer limits [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue
Bugzilla
CVE-2018-19758 libsndfile: heap-based buffer over-read at wav.c in wav_write_header [fedora-all]
bugzilla·2018-12-14·CVSS 6.5
CVE-2018-19758 [MEDIUM] CVE-2018-19758 libsndfile: heap-based buffer over-read at wav.c in wav_write_header [fedora-all]
CVE-2018-19758 libsndfile: heap-based buffer over-read at wav.c in wav_write_header [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple
Bugzilla
CVE-2018-19758 libsndfile: heap-based buffer over-read at wav.c in wav_write_header
bugzilla·2018-12-14·CVSS 6.5
CVE-2018-19758 [MEDIUM] CVE-2018-19758 libsndfile: heap-based buffer over-read at wav.c in wav_write_header
CVE-2018-19758 libsndfile: heap-based buffer over-read at wav.c in wav_write_header
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1643812
Discussion:
Created libsndfile tracking bugs for this issue:
Affects: fedora-all [bug 1659639]
---
Upstream patch:
https://github.com/erikd/libsndfile/commit/42132c543358cee9f7c3e9e9b15bb6c1063a608e
---
Upstream issue:
https://github.com/erikd/libsndfile/issues/435
---
Function wav_write_header() in wav.c iterates through the `loops` array for an amount of times read from the file itself. However, this value is not correctly checked and the library can read beyond the limits of the `loops` array, possibly mak
https://bugzilla.redhat.com/show_bug.cgi?id=1643812https://lists.debian.org/debian-lts-announce/2019/01/msg00008.htmlhttps://lists.debian.org/debian-lts-announce/2020/10/msg00030.htmlhttps://usn.ubuntu.com/4013-1/https://bugzilla.redhat.com/show_bug.cgi?id=1643812https://lists.debian.org/debian-lts-announce/2019/01/msg00008.htmlhttps://lists.debian.org/debian-lts-announce/2020/10/msg00030.htmlhttps://usn.ubuntu.com/4013-1/
2018-11-30
Published