Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2018-19432

Published: 22 November 2018

An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.

Notes

AuthorNote
mdeslaur
in Check-MAX_CHANNELS-in-sndfile-deinterleave.patch patch in
disco+

Priority

Low

CVSS 3 base score: 6.5

Status

Package Release Status
libsndfile
Launchpad, Ubuntu, Debian
bionic
Released (1.0.28-4ubuntu0.18.04.1)
cosmic
Released (1.0.28-4ubuntu0.18.10.1)
disco Not vulnerable
(1.0.28-6)
eoan Not vulnerable
(1.0.28-6)
focal Not vulnerable
(1.0.28-6)
groovy Not vulnerable
(1.0.28-6)
precise Does not exist

trusty
Released (1.0.25-7ubuntu2.2+esm1)
upstream Needs triage

xenial
Released (1.0.25-10ubuntu0.16.04.2)
Patches:
upstream: https://github.com/erikd/libsndfile/commit/aaea680337267bfb6d2544da878890ee7f1c5077