SB2018091857 - Stack-based buffer overflow in libsndfile (Alpine package)
Published: September 18, 2018
Security Bulletin ID: SB2018091857
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Denial of service
Description
This security bulletin contains information about 1 security vulnerability.
1) Stack-based buffer overflow (CVE-ID: CVE-2018-13139)
The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system. The weakness exists due to a stack-based buffer overflow in psf_memset in common.c. A remote attacker can send a specially crafted audio file, trick the victim into opening it, trigger memory corruption and cause the service to crash.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=eb0e8dee37539898fe7a4d9f95ff1353d3d69519
- https://git.alpinelinux.org/aports/commit/?id=a60439fe4b46f353fbf2147080cf6ff265a71623
- https://git.alpinelinux.org/aports/commit/?id=2272f43516da3b21db1048c3b8ffdc96a084c175
- https://git.alpinelinux.org/aports/commit/?id=a26f59185b03aab7c54f2f2c1af61547cb26902a
- https://git.alpinelinux.org/aports/commit/?id=b67fcde7e22cf8aba7f571dd4df51c07e318760b
- https://git.alpinelinux.org/aports/commit/?id=cc6fbbbad60e65ca25f20d81c9d712662e6fc230
- https://git.alpinelinux.org/aports/commit/?id=eca01df34c7377001329ab44e76e8652094cd4be