user/libsndfile: multiple vulnerabilities
Bugzilla ID | 127 |
Alias(es) | CVE-2017-14245, CVE-2017-14246, CVE-2017-14634, CVE-2017-6892, CVE-2017-8361, CVE-2017-8363, CVE-2017-8365, CVE-2018-13139, CVE-2018-13419, CVE-2018-19432, CVE-2018-19661, CVE-2018-19662, CVE-2018-19758, CVE-2019-3832 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2019-07-29 04:19:58 -0500 |
Modified | 2020-06-22 06:14:26 -0500 |
Status | CONFIRMED |
Version | 1.0-BETA3 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
Package(s) | user/libsndfile |
Description
CVE-2017-6892: https://nvd.nist.gov/vuln/detail/CVE-2017-6892
In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()"
function (aiff.c) can be exploited to cause an out-of-bounds read
memory access via a specially crafted AIFF file.

CVE-2017-14245: https://nvd.nist.gov/vuln/detail/CVE-2017-14245
An out of bounds read in the function d2alaw_array() in alaw.c of
libsndfile 1.0.28 may lead to a remote DoS attack or information
disclosure, related to mishandling of the NAN and INFINITY
floating-point values.

CVE-2017-14246: https://nvd.nist.gov/vuln/detail/CVE-2017-14246
An out of bounds read in the function d2ulaw_array() in ulaw.c of
libsndfile 1.0.28 may lead to a remote DoS attack or information
disclosure, related to mishandling of the NAN and INFINITY
floating-point values.

CVE-2017-14634: https://nvd.nist.gov/vuln/detail/CVE-2017-14634
In libsndfile 1.0.28, a divide-by-zero error exists in the function
double64_init() in double64.c, which may lead to DoS when playing a
crafted audio file.

CVE-2018-13139: https://nvd.nist.gov/vuln/detail/CVE-2018-13139
A stack-based buffer overflow in psf_memset in common.c in libsndfile
1.0.28 allows remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via a
crafted audio file. The vulnerability can be triggered by the
executable sndfile-deinterleave.

CVE-2018-13419: https://nvd.nist.gov/vuln/detail/CVE-2018-13419
** DISPUTED ** An issue has been found in libsndfile 1.0.28. There is
a memory leak in psf_allocate in common.c, as demonstrated by
sndfile-convert. NOTE: The maintainer and third parties were unable to
reproduce and closed the issue.

CVE-2018-19432: https://nvd.nist.gov/vuln/detail/CVE-2018-19432
An issue was discovered in libsndfile 1.0.28. There is a NULL pointer
dereference in the function sf_write_int in sndfile.c, which will lead
to a denial of service.

CVE-2018-19661: https://nvd.nist.gov/vuln/detail/CVE-2018-19661
An issue was discovered in libsndfile 1.0.28. There is a buffer
over-read in the function i2ulaw_array in ulaw.c that will lead to a
denial of service.

CVE-2018-19662: https://nvd.nist.gov/vuln/detail/CVE-2018-19662
An issue was discovered in libsndfile 1.0.28. There is a buffer
over-read in the function i2alaw_array in alaw.c that will lead to a
denial of service.

CVE-2018-19758: https://nvd.nist.gov/vuln/detail/CVE-2018-19758
There is a heap-based buffer over-read at wav.c in wav_write_header in
libsndfile 1.0.28 that will cause a denial of service.

CVE-2019-3832: https://nvd.nist.gov/vuln/detail/CVE-2019-3832
It was discovered the fix for CVE-2018-19758 (libsndfile) was not
complete and still allows a read beyond the limits of a buffer in
wav_write_header() function in wav.c. A local attacker may use this
flaw to make the application crash.