Denial of service in libsndfile



Published: 2018-11-23 | Updated: 2023-08-17
Risk Low
Patch available YES
Number of vulnerabilities 5
CVE-ID CVE-2018-19432
CVE-2018-13419
CVE-2018-19662
CVE-2018-19661
CVE-2018-19758
CWE-ID CWE-476
CWE-401
CWE-125
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #3 is available.
Public exploit code for vulnerability #4 is available.
Public exploit code for vulnerability #5 is available.
Vulnerable software
Subscribe 		libsndfile
Client/Desktop applications / Multimedia software

Vendor Erik de Castro Lopo

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

Updated 29.11.2018.
Added vulnerabilities #2-5, bulletin marked as unpatched.

1) NULL pointer dereference

EUVDB-ID: #VU16040

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-19432

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to NULL pointer dereference in the function sf_write_int in sndfile.c. A remote attacker can trigger NULL pointer dereference and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

libsndfile: 1.0.28

External links

http://github.com/erikd/libsndfile/issues/427


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Memory leak

EUVDB-ID: #VU16178

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-13419

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within psf_allocate in common.c, as demonstrated by sndfile-convert. A remote attacker can perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

libsndfile: 1.0.28

External links

http://github.com/erikd/libsndfile/issues/398


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Out-of-bounds read

EUVDB-ID: #VU16177

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-19662

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service. A remote attacker can perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

libsndfile: 1.0.28

External links

http://github.com/erikd/libsndfile/issues/429


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Out-of-bounds read

EUVDB-ID: #VU16176

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-19661

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service. A remote attacker can perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

libsndfile: 1.0.28

External links

http://github.com/erikd/libsndfile/issues/429


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Out-of-bounds read

EUVDB-ID: #VU16205

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-19758

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer overread condition in the wav_write_headerfunction, as defined in the wav.c source code file. A remote attacker can trick the victim into following a custom link or opening a crafted audio file that submits malicious input, trigger memory corruption and perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

libsndfile: 1.0.28

External links

http://bugzilla.redhat.com/show_bug.cgi?id=1643812


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###