Vulnerability Details CVE-2019-3832
It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.2%
CVSS Severity
CVSS v3 Score 3.3
CVSS v2 Score 1.9
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3832
- https://github.com/erikd/libsndfile/issues/456
- https://github.com/erikd/libsndfile/pull/460
- https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html
- https://security.gentoo.org/glsa/202007-65
- https://usn.ubuntu.com/4013-1/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3832
- https://github.com/erikd/libsndfile/issues/456
- https://github.com/erikd/libsndfile/pull/460
- https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html
- https://security.gentoo.org/glsa/202007-65
- https://usn.ubuntu.com/4013-1/
Products affected by CVE-2019-3832
-
cpe:2.3:a:libsndfile_project:libsndfile:1.0.28
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.10
-
cpe:2.3:o:debian:debian_linux:9.0