Your submission was sent successfully! Close

CVE-2018-19662

Published: 29 November 2018

An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service.

Notes

AuthorNote
mdeslaur
a-ulaw-fix-multiple-buffer-overflows-432.patch
Priority

Low

CVSS 3 base score: 8.1

Status

Package Release Status
libsndfile
Launchpad, Ubuntu, Debian
bionic
Released (1.0.28-4ubuntu0.18.04.1)
cosmic
Released (1.0.28-4ubuntu0.18.10.1)
disco Not vulnerable
(1.0.28-6)
eoan Not vulnerable
(1.0.28-6)
focal Not vulnerable
(1.0.28-6)
groovy Not vulnerable
(1.0.28-6)
precise Does not exist

trusty
Released (1.0.25-7ubuntu2.2+esm1)
upstream
Released (1.0.28-5)
xenial
Released (1.0.25-10ubuntu0.16.04.2)
Patches:
upstream: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f