Skip to main content

Libsndfile CVE-2018-13139

HIGH
Out-of-bounds Write (CWE-787)
2018-07-04 cve@mitre.org
8.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 04, 2018 - 14:29 nvd
HIGH 8.8

DescriptionNVD

A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave.

AnalysisAI

A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave. Affected products include: Libsndfile Project Libsndfile, Debian Debian Linux.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2015-7805 CRITICAL POC
9.3 Nov 17

Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex val

CVE-2021-3246 HIGH POC
8.8 Jul 20

A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary

CVE-2018-19662 HIGH POC
8.1 Nov 29

An issue was discovered in libsndfile 1.0.28. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable

CVE-2026-37555 HIGH POC
7.5 Apr 29

An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path (line 241) was fixed with (sf_count_t) c

CVE-2024-50613 MEDIUM POC
6.5 Oct 27

libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encod

CVE-2018-19758 MEDIUM POC
6.5 Nov 30

There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of ser

CVE-2018-19661 MEDIUM POC
6.5 Nov 29

An issue was discovered in libsndfile 1.0.28. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitab

CVE-2018-19432 MEDIUM POC
6.5 Nov 22

An issue was discovered in libsndfile 1.0.28. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitab

CVE-2017-12562 CRITICAL
9.8 Aug 05

Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote a

CVE-2017-7742 MEDIUM POC
5.5 Apr 12

In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmenta

CVE-2017-7741 MEDIUM POC
5.5 Apr 12

In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmenta

CVE-2019-3832 MEDIUM POC
5.5 Mar 21

It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of

Share

CVE-2018-13139 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy