Bug 671834 (CVE-2018-19432) - <media-libs/libsndfile-1.0.29_pre2_p20191024: out of bounds read in sf_write_int
Summary: <media-libs/libsndfile-1.0.29_pre2_p20191024: out of bounds read in sf_write_int
Alias: CVE-2018-19432
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [glsa+ blocked cve]
Depends on: CVE-2017-14245, CVE-2017-14246, CVE-2019-3832
Reported: 2018-11-25 01:45 UTC by D'juan McDonald (domhnall)
Modified: 2020-07-31 20:00 UTC

See Also:
Package list:
Runtime testing required: ---


Description D'juan McDonald (domhnall) 2018-11-25 01:45:49 UTC
An issue was discovered in libsndfile 1.0.28. There is an out-of-bounds read at function sf_write_int, which will lead to a denial of service or the others.

@maintainer(s): reported as fixed by

Gentoo Security Padawan
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2019-04-27 19:32:32 UTC
Potential Patches (as per RedHat Bug)

But appears to need this one, too (fix for CVE-2018-13139):

Also Debian has this fixed: 1.0.25-9.1+deb8u2

Maintainer(s) please advise.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2020-07-31 19:59:52 UTC
This issue was resolved and addressed in
 GLSA 202007-65 at
by GLSA coordinator Sam James (sam_c).