Published: 21/03/2019 Updated: 01/03/2023

CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 169

Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P

It exists the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libsndfile project libsndfile 1.0.28
debian debian linux 9.0
canonical ubuntu linux 18.04
canonical ubuntu linux 18.10
canonical ubuntu linux 16.04

Debian Bug report logs - #922372 libsndfile: CVE-2019-3832: incomplete fix for CVE-2018-19758 still allow to read beyond buffer limits Package: src:libsndfile; Maintainer for src:libsndfile is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date ...

Several security issues were fixed in libsndfile ...

It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wavc A local attacker may use this flaw to make the application crash ...

CWE-125 https://github.com/erikd/libsndfile/pull/460 https://github.com/erikd/libsndfile/issues/456 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3832 https://usn.ubuntu.com/4013-1/https://security.gentoo.org/glsa/202007-65 https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922372 https://usn.ubuntu.com/4013-1/https://nvd.nist.gov

CVE-2019-3832

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect