Bug 1117906 - (CVE-2018-19661) VUL-1: CVE-2018-19661: libsndfile: buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service.
Status: RESOLVED WORKSFORME
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low
Severity: Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/219895/
Reported: 2018-11-30 10:47 UTC by Marcus Meissner
Modified: 2020-04-28 14:42 UTC

Found By: Security Response Team


Attachments
global-buffer-overflow__i2alaw_array (4.90 KB, audio/x-wav)
2018-11-30 10:49 UTC, Marcus Meissner

Description Marcus Meissner 2018-11-30 10:47:02 UTC
CVE-2018-19661

An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the
function i2ulaw_array in ulaw.c that will lead to a denial of service.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19661
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19661.html
https://github.com/erikd/libsndfile/issues/429
Comment 1 Marcus Meissner 2018-11-30 10:49:21 UTC
Created attachment 791412
global-buffer-overflow__i2alaw_array

QA REPRODUCER:

valgrind sndfile-convert -ulaw global-buffer-overflow__i2alaw_array out.raw

valgrind sndfile-convert -alaw global-buffer-overflow__i2alaw_array out.raw

(does not reproduce on 42.3 so far, perhaps needs ASAN)
Comment 2 Marcus Meissner 2018-11-30 10:59:46 UTC
this looks quite similar to CVE-2017-17457 and CVE-2017-17456
Comment 3 Takashi Iwai 2018-11-30 11:25:24 UTC
(In reply to Marcus Meissner from comment #2)
> this looks quite similar to CVE-2017-17457 and CVE-2017-17456

Yes, very likely a dup. We already have our own fix for the bugs above, which covers this case as well.

At least, the bug can't be triggered on TW and other versions as far as I checked.

Reassigned back to security team.
Comment 4 Alexandros Toptsoglou 2020-04-28 14:42:51 UTC
Closing