Libmysofa
CVE-2019-20063
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of memory, as demonstrated by mysofa2json.
AnalysisAI
hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of memory, as demonstrated by mysofa2json. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-665. hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of memory, as demonstrated by mysofa2json. Affected products include: Symonics Libmysofa. Version information: before 0.8.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
libmysofa is vulnerable to Heap-based Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotel
libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hdf/dataobject.c during the reading of a header mess
libmysofa before 2019-11-24 does not properly restrict recursive function calls, as demonstrated by reports of stack con
Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. Rated critical sever
Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c. Rated critical severity (CVSS 9.8), t
treeRead in hdf/btree.c in libmysofa before 0.7 does not properly validate multiplications and additions. Rated critical
Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c. Rated high severity (CVSS 7.5), this vulner
Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. Rated high severity (
Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c. Rated high severity (CVSS 7.5)
Same weakness CWE-665 – Improper Initialization
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today