Bug 1117954 (CVE-2018-19758)

Summary: VUL-1: CVE-2018-19758: libsndfile: There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.
Product: [Novell Products] SUSE Security Incidents
Reporter: Marcus Meissner <meissner>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: NEW ---
QA Contact: Security Team bot <security-team>
Severity: Minor
Priority: P4 - Low
CC: smash_bz
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/219988/
Whiteboard: CVSSv3:SUSE:CVE-2018-19758:5.5:(AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments: poc0
Fix patch

Description Marcus Meissner 2018-11-30 15:37:52 UTC
CVE-2018-19758

There is a heap-based buffer over-read at wav.c in wav_write_header in
libsndfile 1.0.28 that will cause a denial of service.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19758
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19758.html
Comment 1 Marcus Meissner 2018-11-30 16:01:52 UTC
https://bugzilla.redhat.com/show_bug.cgi?id=1643812
Comment 2 Marcus Meissner 2018-11-30 16:02:49 UTC
Created attachment 791473 [details]
poc0

QA REPRODUCER:

sndfile-convert poc0 a.wav

should not crash

(currently crashes on 42.3 at least)
Comment 3 Takashi Iwai 2018-12-04 12:38:17 UTC
It's a missing check of loop_count in wav.c.  The tentative fix patch is below.
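The bug class behind this report, as an added example that is not libsndfile's code and not the attached fix patch: an instrument structure whose loops[] array has a fixed capacity, a reader that stores loop_count exactly as the file claims it, and a header writer that walks loop_count entries and therefore reads past the array when the file over-claims. write_header_fixed() is the writer with the missing clamp added. The capacity of 16, the simplified four-field loop record, the chunk layout (u32 count followed by records), and every identifier (instrument_t, MAX_LOOPS, SLACK, parse_smpl, make_chunk, and so on) are assumptions of this example; the input bytes are constructed. To stay well-defined while still showing the over-read, the instrument is allocated with marker bytes behind it and the demo only over-reads into that slack.

```c
/* Added example, not libsndfile's code: writer trusts loop_count, loops[] has
 * fixed capacity, so an over-claiming file makes the writer read past the
 * array. write_header_fixed() adds the missing clamp. All names and the chunk
 * layout are this example's own assumptions; the input is constructed. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_LOOPS 16   /* assumed capacity of loops[] */
#define LOOP_REC  16   /* bytes per loop record: four little-endian u32 */
#define SLACK     64   /* 0xA5 marker bytes kept behind the struct so the demo
                        * over-read stays inside one allocation (UB otherwise) */

typedef struct { uint32_t mode, start, end, count; } loop_t;

typedef struct {
    uint32_t loop_count;        /* parsed from the file: untrusted */
    loop_t   loops[MAX_LOOPS];
} instrument_t;

static uint32_t rd32(const uint8_t *p)
{ return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }

static void wr32(uint8_t *p, uint32_t v)
{ p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24); }

/* Heap-allocate an instrument followed by SLACK bytes of 0xA5 marker. */
instrument_t *instrument_new(void)
{
    uint8_t *blk = malloc(sizeof(instrument_t) + SLACK);
    if (!blk) return NULL;
    memset(blk, 0, sizeof(instrument_t));
    memset(blk + sizeof(instrument_t), 0xA5, SLACK);
    return (instrument_t *)blk;
}

/* Reader: chunk = u32 loop_count, then records of (mode,start,end,count).
 * At most MAX_LOOPS records are copied, but loop_count is kept as read,
 * which is the state the writer later trusts. Returns 0 on success. */
int parse_smpl(const uint8_t *chunk, size_t len, instrument_t *inst)
{
    if (len < 4) return -1;
    inst->loop_count = rd32(chunk);
    uint32_t present = (uint32_t)((len - 4) / LOOP_REC);
    uint32_t n = inst->loop_count < present ? inst->loop_count : present;
    if (n > MAX_LOOPS) n = MAX_LOOPS;          /* the reader bounds its copy */
    for (uint32_t i = 0; i < n; i++) {
        const uint8_t *r = chunk + 4 + (size_t)i * LOOP_REC;
        inst->loops[i].mode  = rd32(r);
        inst->loops[i].start = rd32(r + 4);
        inst->loops[i].end   = rd32(r + 8);
        inst->loops[i].count = rd32(r + 12);
    }
    return 0;
}

/* Serialize n records. Indexes loops[] by byte offset so that, in this demo,
 * an over-read lands in the SLACK marker instead of unrelated heap memory. */
static long write_loops(const instrument_t *inst, uint32_t n, uint8_t *out, size_t out_len)
{
    if (n > out_len / LOOP_REC) return -1;      /* output-size check only */
    const uint8_t *base = (const uint8_t *)inst->loops;
    for (uint32_t i = 0; i < n; i++) {
        loop_t l;
        memcpy(&l, base + (size_t)i * sizeof l, sizeof l); /* past loops[] once i >= MAX_LOOPS */
        wr32(out + i * LOOP_REC,      l.mode);
        wr32(out + i * LOOP_REC + 4,  l.start);
        wr32(out + i * LOOP_REC + 8,  l.end);
        wr32(out + i * LOOP_REC + 12, l.count);
    }
    return (long)n * LOOP_REC;
}

/* Vulnerable writer: iterates over loop_count exactly as parsed. */
long write_header_vuln(const instrument_t *inst, uint8_t *out, size_t out_len)
{
    return write_loops(inst, inst->loop_count, out, out_len);
}

/* Hardened writer: the missing check, clamp to the array capacity first. */
long write_header_fixed(const instrument_t *inst, uint8_t *out, size_t out_len)
{
    uint32_t n = inst->loop_count > MAX_LOOPS ? MAX_LOOPS : inst->loop_count;
    return write_loops(inst, n, out, out_len);
}

/* Constructed input: a chunk claiming `claimed` loops and carrying `actual`
 * records with recognisable field values. Returns the chunk length, 0 if it
 * does not fit in cap. */
size_t make_chunk(uint8_t *buf, size_t cap, uint32_t claimed, uint32_t actual)
{
    size_t len = 4 + (size_t)actual * LOOP_REC;
    if (len > cap) return 0;
    wr32(buf, claimed);
    for (uint32_t i = 0; i < actual; i++) {
        uint8_t *r = buf + 4 + (size_t)i * LOOP_REC;
        wr32(r, i); wr32(r + 4, i * 100); wr32(r + 8, i * 100 + 50); wr32(r + 12, 1);
    }
    return len;
}

/* How many of the first n output bytes are the 0xA5 marker, i.e. came from
 * beyond loops[] (none of the constructed record values contain 0xA5). */
size_t count_marker_bytes(const uint8_t *out, size_t n)
{
    size_t c = 0;
    for (size_t i = 0; i < n; i++) c += (out[i] == 0xA5);
    return c;
}
```

With a chunk that claims 18 loops, the vulnerable writer emits 18 records, the last two of which are marker bytes copied from behind the array; the clamped writer stops at 16. Note that the output-size check in write_loops is not a substitute for the clamp: a file claiming 0xFFFFFFFF loops fails that check only because the output buffer is small, while a claim of 17 to 32 loops passes it and over-reads.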
Comment 4 Takashi Iwai 2018-12-04 12:40:37 UTC
Created attachment 791738 [details]
Fix patch
Comment 5 Takashi Iwai 2018-12-04 12:58:33 UTC
Submitted the fix to TW, SUSE:SLE-15:Update, SUSE:SLE-12:Update and SUSE:SLE-11-SP1:Update.

Reassigned back to security team.
Comment 7 Swamp Workflow Management 2018-12-04 13:40:06 UTC
This is an autogenerated message for OBS integration:
This bug (1117954) was mentioned in
https://build.opensuse.org/request/show/653853 Factory / libsndfile
Comment 8 Swamp Workflow Management 2019-04-02 16:30:26 UTC
SUSE-SU-2019:14008-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1071767,1071777,1117954
CVE References: CVE-2017-17456,CVE-2017-17457,CVE-2018-19758
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    libsndfile-1.0.20-2.19.12.1
SUSE Linux Enterprise Server 11-SP4 (src):    libsndfile-1.0.20-2.19.12.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libsndfile-1.0.20-2.19.12.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2021-08-05 13:51:32 UTC
SUSE-SU-2021:2615-1: An update that fixes four vulnerabilities is now available.

Category: security (critical)
Bug References: 1100167,1116993,1117954,1188540
CVE References: CVE-2018-13139,CVE-2018-19432,CVE-2018-19758,CVE-2021-3246
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    libsndfile-1.0.25-36.23.1
SUSE OpenStack Cloud 9 (src):    libsndfile-1.0.25-36.23.1
SUSE OpenStack Cloud 8 (src):    libsndfile-1.0.25-36.23.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    libsndfile-1.0.25-36.23.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    libsndfile-1.0.25-36.23.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    libsndfile-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP5 (src):    libsndfile-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    libsndfile-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    libsndfile-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    libsndfile-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    libsndfile-1.0.25-36.23.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2021-08-17 19:21:19 UTC
SUSE-SU-2021:2764-1: An update that fixes four vulnerabilities is now available.

Category: security (critical)
Bug References: 1100167,1116993,1117954,1188540
CVE References: CVE-2018-13139,CVE-2018-19432,CVE-2018-19758,CVE-2021-3246
JIRA References: 
Sources used:
SUSE Manager Server 4.0 (src):    libsndfile-1.0.28-5.12.1
SUSE Manager Retail Branch Server 4.0 (src):    libsndfile-1.0.28-5.12.1
SUSE Manager Proxy 4.0 (src):    libsndfile-1.0.28-5.12.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    libsndfile-1.0.28-5.12.1
SUSE Linux Enterprise Server for SAP 15 (src):    libsndfile-1.0.28-5.12.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    libsndfile-1.0.28-5.12.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    libsndfile-1.0.28-5.12.1
SUSE Linux Enterprise Server 15-LTSS (src):    libsndfile-1.0.28-5.12.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src):    libsndfile-1.0.28-5.12.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (src):    libsndfile-1.0.28-5.12.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    libsndfile-1.0.28-5.12.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    libsndfile-1.0.28-5.12.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    libsndfile-1.0.28-5.12.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    libsndfile-1.0.28-5.12.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    libsndfile-1.0.28-5.12.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    libsndfile-1.0.28-5.12.1
SUSE Enterprise Storage 6 (src):    libsndfile-1.0.28-5.12.1
SUSE CaaS Platform 4.0 (src):    libsndfile-1.0.28-5.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2021-08-17 19:30:12 UTC
openSUSE-SU-2021:2764-1: An update that fixes four vulnerabilities is now available.

Category: security (critical)
Bug References: 1100167,1116993,1117954,1188540
CVE References: CVE-2018-13139,CVE-2018-19432,CVE-2018-19758,CVE-2021-3246
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    libsndfile-1.0.28-5.12.1, libsndfile-progs-1.0.28-5.12.1
Comment 13 Swamp Workflow Management 2021-08-19 19:23:03 UTC
openSUSE-SU-2021:1166-1: An update that fixes four vulnerabilities is now available.

Category: security (critical)
Bug References: 1100167,1116993,1117954,1188540
CVE References: CVE-2018-13139,CVE-2018-19432,CVE-2018-19758,CVE-2021-3246
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    libsndfile-1.0.28-lp152.6.3.1, libsndfile-progs-1.0.28-lp152.6.3.1