A flaw was found in libsndfile 1.0.28. A stack-based buffer overflow in psf_memset in common.c in allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave. Gentoo Security Scout Florian Schuhmacher
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e2ec2c790cf28858ec8dd4da007ca7ca12ffeca1 commit e2ec2c790cf28858ec8dd4da007ca7ca12ffeca1 Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2018-09-18 21:23:22 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2018-09-18 21:24:08 +0000 media-libs/libsndfile: Fix CVE-2018-13139 Bug: https://bugs.gentoo.org/660452 Package-Manager: Portage-2.3.49, Repoman-2.3.10 .../files/libsndfile-1.0.28-CVE-2018-13139.patch | 31 ++++++++++ media-libs/libsndfile/libsndfile-1.0.28-r3.ebuild | 67 ++++++++++++++++++++++ 2 files changed, 98 insertions(+)
This issue was resolved and addressed in GLSA 201811-23 at https://security.gentoo.org/glsa/201811-23 by GLSA coordinator Aaron Bauman (b-man).