
Bug 671834 (CVE-2018-19432)

Summary: <media-libs/libsndfile-1.0.29_pre2_p20191024: out of bounds read in sf_write_int
Product: Gentoo Security
Reporter: D'juan McDonald (domhnall) <flopwiki>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: sound
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://github.com/erikd/libsndfile/issues/427
Whiteboard: B3 [glsa+ blocked cve]
Package list:
Runtime testing required: ---
Bug Depends on: 631674    
Bug Blocks:    
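
As an added illustration (not part of this bug report, of the GLSA, or of libsndfile), the following Python routine applies Gentoo's package version ordering to decide whether an installed media-libs/libsndfile version falls inside the affected range stated in the summary, `<1.0.29_pre2_p20191024`. It implements a simplified subset of the PMS version rules (dot-separated numeric components, the `_alpha`/`_beta`/`_pre`/`_rc`/`_p` suffixes in that order, and an optional `-rN` revision); the sample versions fed to it are constructed for the example.

```python
import re

# Gentoo (PMS) suffix ordering: _alpha < _beta < _pre < _rc < (no suffix) < _p.
# "None" stands for the absent suffix, which is how "1.0.29" sorts above
# "1.0.29_pre2" but below "1.0.29_p1".
SUFFIX_ORDER = {"alpha": 0, "beta": 1, "pre": 2, "rc": 3, None: 4, "p": 5}

# First fixed version, taken from the bug summary ("<media-libs/libsndfile-...").
FIXED_VERSION = "1.0.29_pre2_p20191024"

_VERSION_RE = re.compile(
    r"(\d+(?:\.\d+)*)"                      # numeric components, e.g. 1.0.29
    r"((?:_(?:alpha|beta|pre|rc|p)\d*)*)"   # zero or more suffixes, e.g. _pre2_p20191024
    r"(?:-r(\d+))?"                         # optional Gentoo revision, e.g. -r1
)


def parse_version(version):
    """Split a Gentoo version string into (numeric tuple, suffix list, revision).

    Simplification: numeric components are compared as integers; PMS treats
    components with leading zeros specially, which is not needed for libsndfile.
    """
    m = _VERSION_RE.fullmatch(version)
    if not m:
        raise ValueError(f"not a valid Gentoo version: {version!r}")
    numeric = tuple(int(x) for x in m.group(1).split("."))
    suffixes = [
        (SUFFIX_ORDER[name], int(num) if num else 0)
        for name, num in re.findall(r"_(alpha|beta|pre|rc|p)(\d*)", m.group(2))
    ]
    revision = int(m.group(3)) if m.group(3) else 0
    return numeric, suffixes, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 as version a sorts before, equal to, or after version b."""
    num_a, suf_a, rev_a = parse_version(a)
    num_b, suf_b, rev_b = parse_version(b)
    if num_a != num_b:
        return -1 if num_a < num_b else 1
    # A shorter suffix list is padded with the "no suffix" marker so that a
    # trailing _p counts as greater and a trailing _pre/_rc counts as lesser.
    width = max(len(suf_a), len(suf_b))
    pad = (SUFFIX_ORDER[None], 0)
    suf_a = suf_a + [pad] * (width - len(suf_a))
    suf_b = suf_b + [pad] * (width - len(suf_b))
    if suf_a != suf_b:
        return -1 if suf_a < suf_b else 1
    return (rev_a > rev_b) - (rev_a < rev_b)


def is_affected(installed_version):
    """True when the installed version is below the first fixed version."""
    return compare_versions(installed_version, FIXED_VERSION) < 0


if __name__ == "__main__":
    # Constructed sample versions; not taken from any real system.
    for v in ["1.0.28", "1.0.28-r2", "1.0.29_pre2", "1.0.29_pre2_p20190721",
              "1.0.29_pre2_p20191024", "1.0.29_pre2_p20191024-r1", "1.0.29", "1.0.30"]:
        print(f"media-libs/libsndfile-{v}: {'AFFECTED' if is_affected(v) else 'fixed'}")
```

On an actual Gentoo host the authoritative check is `glsa-check -t all` from app-portage/gentoolkit, which compares the installed package database against the published GLSAs (including 202007-65 referenced below); the routine above only shows how the advisory's version boundary is interpreted.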

Description D'juan McDonald (domhnall) 2018-11-25 01:45:49 UTC
An issue was discovered in libsndfile 1.0.28. There is an out-of-bounds read in the function sf_write_int, which will lead to a denial of service or other impacts.


@maintainer(s): reported as fixed by 
https://github.com/erikd/libsndfile/commit/6f3266277bed16525f0ac2f0f03ff4626f1923e5

Gentoo Security Padawan
(domhnall)
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2019-04-27 19:32:32 UTC
Potential patches (as per the Red Hat bug):
https://github.com/erikd/libsndfile/commit/6f3266277bed16525f0ac2f0f03ff4626f1923e5

But appears to need this one, too (fix for CVE-2018-13139):
https://github.com/erikd/libsndfile/commit/aaea680337267bfb6d2544da878890ee7f1c5077

Also Debian has this fixed: 1.0.25-9.1+deb8u2

Maintainer(s) please advise.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2020-07-31 19:59:52 UTC
This issue was resolved and addressed in GLSA 202007-65 at https://security.gentoo.org/glsa/202007-65 by GLSA coordinator Sam James (sam_c).