CVE-2018-19432

CVE-2018-19432

Name

CVE-2018-19432

Description

An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Exploit	https://github.com/erikd/libsndfile/issues/427
Third Party Advisory	http://www.securityfocus.com/bid/105996
Mailing List	https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html
UBUNTU	https://usn.ubuntu.com/4013-1/

Type

URI

Exploit

https://github.com/erikd/libsndfile/issues/427

Third Party Advisory

http://www.securityfocus.com/bid/105996

Mailing List

https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html

UBUNTU

https://usn.ubuntu.com/4013-1/

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:libsndfile_project:libsndfile:1.0.28:::::::*`	libsndfile	== None	== 1.0.28

CPE URI

Source package

Min version

Max version

cpe:2.3:a:libsndfile_project:libsndfile:1.0.28:*:*:*:*:*:*:*

libsndfile

== None

== 1.0.28

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
libsndfile	edge-main	1.0.28-r8	None	possibly vulnerable
libsndfile	edge-main	1.0.28-r6	None	possibly vulnerable
libsndfile	edge-main	1.0.28-r4	None	possibly vulnerable
libsndfile	edge-main	1.0.28-r2	None	possibly vulnerable
libsndfile	edge-main	1.0.28-r1	None	possibly vulnerable
libsndfile	edge-main	1.0.28-r0	None	possibly vulnerable
libsndfile	3.22-main	1.0.28-r8	None	possibly vulnerable
libsndfile	3.22-main	1.0.28-r6	None	possibly vulnerable
libsndfile	3.22-main	1.0.28-r4	None	possibly vulnerable
libsndfile	3.22-main	1.0.28-r2	None	possibly vulnerable
libsndfile	3.22-main	1.0.28-r1	None	possibly vulnerable
libsndfile	3.22-main	1.0.28-r0	None	possibly vulnerable
libsndfile	3.21-main	1.0.28-r8	None	possibly vulnerable
libsndfile	3.21-main	1.0.28-r6	None	possibly vulnerable
libsndfile	3.21-main	1.0.28-r4	None	possibly vulnerable
libsndfile	3.21-main	1.0.28-r2	None	possibly vulnerable
libsndfile	3.21-main	1.0.28-r1	None	possibly vulnerable
libsndfile	3.21-main	1.0.28-r0	None	possibly vulnerable
libsndfile	3.20-main	1.0.28-r8	None	possibly vulnerable
libsndfile	3.20-main	1.0.28-r6	None	possibly vulnerable
libsndfile	3.20-main	1.0.28-r4	None	possibly vulnerable
libsndfile	3.20-main	1.0.28-r2	None	possibly vulnerable
libsndfile	3.20-main	1.0.28-r1	None	possibly vulnerable
libsndfile	3.20-main	1.0.28-r0	None	possibly vulnerable
libsndfile	3.19-main	1.0.28-r8	None	possibly vulnerable
libsndfile	3.19-main	1.0.28-r6	None	possibly vulnerable
libsndfile	3.19-main	1.0.28-r4	None	possibly vulnerable
libsndfile	3.19-main	1.0.28-r2	None	possibly vulnerable
libsndfile	3.19-main	1.0.28-r1	None	possibly vulnerable
libsndfile	3.19-main	1.0.28-r0	None	possibly vulnerable
libsndfile	3.12-main	1.0.28-r8	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libsndfile	3.11-main	1.0.28-r8	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

libsndfile

edge-main

1.0.28-r8

None

possibly vulnerable

libsndfile

edge-main