Vulnerability Details CVE-2018-19758
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.9%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1643812
- https://lists.debian.org/debian-lts-announce/2019/01/msg00008.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html
- https://usn.ubuntu.com/4013-1/
- https://bugzilla.redhat.com/show_bug.cgi?id=1643812
- https://lists.debian.org/debian-lts-announce/2019/01/msg00008.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html
- https://usn.ubuntu.com/4013-1/
Products affected by CVE-2018-19758
-
cpe:2.3:a:libsndfile_project:libsndfile:1.0.28
-
cpe:2.3:o:debian:debian_linux:8.0