PT-2018-2727 · Eric Young+7 · Libsndfile+7

Published 2018-07-03 · Updated 2024-06-15 · CVE-2018-13139

CVSS v3.1

8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

libsndfile version 1.0.28

Description

The issue is a stack-based buffer overflow in the psf_memset function, which can be triggered by a crafted audio file. This allows a remote attacker to cause a denial of service, potentially leading to an application crash. The vulnerability can be exploited using the sndfile-deinterleave executable.

Recommendations

For libsndfile version 1.0.28, consider avoiding the use of the sndfile-deinterleave executable until a patch is available. As a temporary workaround, restrict access to crafted audio files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2020:1636
ALT-PU-2020-3449
ALT-PU-2020-3469
ALT-PU-2021-2149
BDU:2019-01624
CESA-2020_1185
CESA-2020_1636
CVE-2018-13139
DLA-1618-1
MGASA-2018-0336
OPENSUSE-SU-2018_2209-1
OPENSUSE-SU-2018_2214-1
OPENSUSE-SU-2021:1166-1
OPENSUSE-SU-2021:2764-1
OPENSUSE-SU-2021_1166-1
OPENSUSE-SU-2021_2764-1
OPENSUSE-SU-2024:10992-1
RHSA-2020:1185
RHSA-2020:1636
RHSA-2020_1185
RHSA-2020_1636
RLSA-2020:1636
SUSE-SU-2018:2065-1
SUSE-SU-2018:2074-1
SUSE-SU-2021:2615-1
SUSE-SU-2021:2764-1
SUSE-SU-2021_2615-1
SUSE-SU-2021_2764-1
USN-4013-1
USN-4704-1

Affected Products

Alt Linux
Almalinux
Centos
Red Hat
Rocky Linux
Suse
Ubuntu
Libsndfile