CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2019-3832
https://notcve.org/view.php?id=CVE-2019-3832
It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash. Se ha descubierto que la solución para CVE-2018-19758 (libsndfile) no estaba completa y sigue permitiendo una lectura más allá de los límites de un búfer en la función wav_write_header() en wav.c. Un atacante local podría utilizar este fallo para provocar un cierre inesperado de la aplicación • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3832 https://github.com/erikd/libsndfile/issues/456 https://github.com/erikd/libsndfile/pull/460 https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html https://security.gentoo.org/glsa/202007-65 https://usn.ubuntu.com/4013-1 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2018-19758
https://notcve.org/view.php?id=CVE-2018-19758
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. Existe una sobrelectura de búfer basada en memoria dinámica (heap) en wav.c en wav_write_header en libsndfile 1.0.28 que provoca una denegación de servicio (DoS). • https://bugzilla.redhat.com/show_bug.cgi?id=1643812 https://lists.debian.org/debian-lts-announce/2019/01/msg00008.html https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html https://usn.ubuntu.com/4013-1 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2018-19661
https://notcve.org/view.php?id=CVE-2018-19661
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service. Se ha descubierto un problema en libsndfile 1.0.28. Existe una sobrelectura de búfer en la función i2ulaw_array en ulaw.c que provoca una denegación de servicio. • https://github.com/erikd/libsndfile/issues/429 https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html https://usn.ubuntu.com/4013-1 • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1CVE-2018-19662 – libsndfile: buffer over-read in the function i2alaw_array in alaw.c
https://notcve.org/view.php?id=CVE-2018-19662
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service. Se ha descubierto un problema en libsndfile 1.0.28. Existe una sobrelectura de búfer en la función i2alaw_array en alaw.c que provoca una denegación de servicio. • https://github.com/erikd/libsndfile/issues/429 https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html https://usn.ubuntu.com/4013-1 https://access.redhat.com/security/cve/CVE-2018-19662 https://bugzilla.redhat.com/show_bug.cgi?id=1659631 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2018-19432
https://notcve.org/view.php?id=CVE-2018-19432
An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. Se ha descubierto un problema en libsndfile 1.0.28. Existe una desreferencia de puntero NULL en la función sf_write_int en sndfile.c que provocaría un ataque de denegación de servicio (DoS). • http://www.securityfocus.com/bid/105996 https://github.com/erikd/libsndfile/issues/427 https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html https://usn.ubuntu.com/4013-1 • CWE-476: NULL Pointer Dereference •