AVG-1549 log

Package libsndfile
Status Fixed
Severity Medium
Type multiple issues
Affected 1.0.28-3
Fixed 1.0.31-1
Current 1.0.31-1 [extra]
Ticket FS#57434
Created Tue Feb 9 09:51:30 2021
Issue Severity Remote Type Description
CVE-2019-3832 Medium No Information disclosure
It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header()...
CVE-2018-19758 Medium No Information disclosure
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.
CVE-2018-19662 Medium No Information disclosure
An issue was discovered in libsndfile 1.0.28. There is a buffer over- read in the function i2alaw_array in alaw.c that will lead to a denial of service.
CVE-2018-19661 Medium No Information disclosure
An issue was discovered in libsndfile 1.0.28. There is a buffer over- read in the function i2ulaw_array in ulaw.c that will lead to a denial of service.
CVE-2018-19432 Low No Denial of service
An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.
CVE-2018-13139 Medium No Arbitrary code execution
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or...
CVE-2017-14634 Low No Denial of service
In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.
CVE-2017-14246 Medium No Information disclosure
An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to...
CVE-2017-14245 Medium No Information disclosure
An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to...
CVE-2017-12562 Medium No Information disclosure
A heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of...
CVE-2017-8365 Low No Denial of service
The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a...
CVE-2017-8363 Low No Denial of service
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over- read and...
CVE-2017-8362 Low No Denial of service
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a...
CVE-2017-8361 Medium No Information disclosure
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or...
CVE-2017-6892 Medium No Information disclosure
In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a...