CVE-2019-13351

Published: 05/07/2019 Updated: 24/08/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

posix/JackSocket.cpp in libjack in JACK2 1.9.1 up to and including 1.9.12 (as distributed with alsa-plugins 1.1.7 and later) has a "double file descriptor close" issue during a failed connection attempt when jackd2 is not running. Exploitation success depends on multithreaded timing of that double close, which can result in unintended information disclosure, crashes, or file corruption due to having the wrong file associated with the file descriptor.
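The descriptor-reuse effect behind the summary above, as an added example (not code from JACK2 or from this page). It replays in one thread the interleaving that the real bug needs a second thread for; `/dev/null` stands in for both the failed socket and the unrelated file, and all function names are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Unguarded pattern: the failure path and the later cleanup both close the
 * same descriptor number. Returns 1 if the second close hit an unrelated file. */
static int stale_close_hits_other_fd(void) {
    int sock = open("/dev/null", O_RDONLY);  /* stand-in for the failed socket */
    if (sock < 0) return -1;
    close(sock);                             /* first close: connection failed */

    /* In the real bug another thread opens a file here; the kernel hands out
     * the lowest free number, which is the one just released. */
    int other = open("/dev/null", O_WRONLY);
    if (other < 0) return -1;
    int reused = (other == sock);

    close(sock);                             /* second close: closes `other` */
    int broken = (write(other, "x", 1) == -1 && errno == EBADF);
    if (!broken) close(other);
    return reused && broken;
}

/* Guarded pattern: close at most once, then poison the stored number. */
static void close_once(int *fd) {
    if (*fd >= 0) {
        close(*fd);
        *fd = -1;
    }
}

/* Returns 1 if the unrelated file is still usable after the repeated cleanup. */
static int guarded_close_leaves_other_fd(void) {
    int sock = open("/dev/null", O_RDONLY);
    if (sock < 0) return -1;
    close_once(&sock);
    int other = open("/dev/null", O_WRONLY);
    if (other < 0) return -1;
    close_once(&sock);                       /* no-op: sock is already -1 */
    int ok = (write(other, "x", 1) == 1);
    close(other);
    return ok;
}

int main(void) {
    printf("unguarded double close hit other fd: %d\n", stale_close_hits_other_fd());
    printf("guarded close left other fd usable: %d\n", guarded_close_leaves_other_fd());
    return 0;
}
```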

Vulnerable Product

jackaudio jack2

alsa-project alsa

Vendor Advisories

Debian Bug report logs - #931488 jackd2: CVE-2019-13351
Package: src:jackd2; Maintainer for src:jackd2 is Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 6 Jul 2019 08:39:01 UTC; Severity: important; Tags: security, up ...