Skip to main content

Libsndfile CVE-2018-19758

MEDIUM
Out-of-bounds Read (CWE-125)
2018-11-30 cve@mitre.org
6.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 30, 2018 - 03:29 nvd
MEDIUM 6.5

DescriptionNVD

There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.

AnalysisAI

There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. Affected products include: Libsndfile Project Libsndfile, Debian Debian Linux.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2015-7805 CRITICAL POC
9.3 Nov 17

Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex val

CVE-2021-3246 HIGH POC
8.8 Jul 20

A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary

CVE-2018-19662 HIGH POC
8.1 Nov 29

An issue was discovered in libsndfile 1.0.28. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable

CVE-2026-37555 HIGH POC
7.5 Apr 29

An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path (line 241) was fixed with (sf_count_t) c

CVE-2024-50613 MEDIUM POC
6.5 Oct 27

libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encod

CVE-2018-19661 MEDIUM POC
6.5 Nov 29

An issue was discovered in libsndfile 1.0.28. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitab

CVE-2018-19432 MEDIUM POC
6.5 Nov 22

An issue was discovered in libsndfile 1.0.28. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitab

CVE-2017-12562 CRITICAL
9.8 Aug 05

Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote a

CVE-2017-7742 MEDIUM POC
5.5 Apr 12

In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmenta

CVE-2017-7741 MEDIUM POC
5.5 Apr 12

In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmenta

CVE-2019-3832 MEDIUM POC
5.5 Mar 21

It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of

CVE-2025-56226 MEDIUM POC
5.3 Jan 14

Libsndfile <=1.2.2 contains a memory leak vulnerability in the mpeg_l3_encoder_init() function within the mpeg_l3_encode

Share

CVE-2018-19758 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy