CVE-2019-3832

Name: CVE-2019-3832
Description: It was discovered that the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in the wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.
NVD Severity: medium

References

| Type | URI |
|---|---|
| Patch | https://github.com/erikd/libsndfile/pull/460 |
| Exploit | https://github.com/erikd/libsndfile/issues/456 |
| Issue Tracking | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3832 |
| UBUNTU | https://usn.ubuntu.com/4013-1/ |
| GENTOO | https://security.gentoo.org/glsa/202007-65 |
| MLIST | https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| cpe:2.3:a:libsndfile_project:libsndfile:1.0.28:*:*:*:*:*:*:* | libsndfile | == None | == 1.0.28 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| libsndfile | 3.12-main | 1.0.28-r8 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| libsndfile | 3.11-main | 1.0.28-r8 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| libsndfile | 3.10-main | 1.0.28-r8 | Natanael Copa <ncopa@alpinelinux.org> | fixed |