
Bug 671834 (CVE-2018-19432)

Summary: <media-libs/libsndfile-1.0.29_pre2_p20191024: out of bounds read in sf_write_int
Product: Gentoo Security
Reporter: D'juan McDonald (domhnall) <flopwiki>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Severity: minor
CC: sound
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa+ blocked cve]
Package list:
Runtime testing required: ---
Bug Depends on: 631674    
Bug Blocks:    

Description D'juan McDonald (domhnall) 2018-11-25 01:45:49 UTC
An issue was discovered in libsndfile 1.0.28. There is an out of bounds read at function sf_write_int, which will lead to a denial of service or the others.

@maintainer(s): reported as fixed by

Gentoo Security Padawan
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2019-04-27 19:32:32 UTC
Potential Patches (as per RedHat Bug)

But appears to need this one, too (fix for CVE-2018-13139):

Also Debian has this fixed: 1.0.25-9.1+deb8u2

Maintainer(s) please advise.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2020-07-31 19:59:52 UTC
This issue was resolved and addressed in
 GLSA 202007-65 at
by GLSA coordinator Sam James (sam_c).