Libsndfile
CVE-2018-13419
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
An issue has been found in libsndfile 1.0.28. There is a memory leak in psf_allocate in common.c, as demonstrated by sndfile-convert. NOTE: The maintainer and third parties were unable to reproduce and closed the issue
AnalysisAI
An issue has been found in libsndfile 1.0.28. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-772. An issue has been found in libsndfile 1.0.28. There is a memory leak in psf_allocate in common.c, as demonstrated by sndfile-convert. NOTE: The maintainer and third parties were unable to reproduce and closed the issue Affected products include: Libsndfile Project Libsndfile.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Libsndfile
View allHeap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex val
A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary
An issue was discovered in libsndfile 1.0.28. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable
An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path (line 241) was fixed with (sf_count_t) c
libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encod
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of ser
An issue was discovered in libsndfile 1.0.28. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitab
An issue was discovered in libsndfile 1.0.28. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitab
Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote a
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmenta
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmenta
It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today