SB2018123015 - Out-of-bounds read in libsndfile (Alpine package)
Published: December 30, 2018
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2018-19661)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a buffer over-read in the function i2ulaw_array in ulaw.c. A remote attacker can trigger the over-read and cause a denial of service.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=df783fb4ec118d2b2d6ad60ba87247d67895ed7d
- https://git.alpinelinux.org/aports/commit/?id=eb0e8dee37539898fe7a4d9f95ff1353d3d69519
- https://git.alpinelinux.org/aports/commit/?id=4f3a5a526e7da41c0c6642266d325fecc0d6ed0a
- https://git.alpinelinux.org/aports/commit/?id=67dc06446b7446135900a95906d11fb7efe2c416
- https://git.alpinelinux.org/aports/commit/?id=90497e314c0f7ee1c6804d0819315700efd762b9
- https://git.alpinelinux.org/aports/commit/?id=ccfe1f34f1a4ef840962b635ee5df67c259719ff
- https://git.alpinelinux.org/aports/commit/?id=de6750ba8908c9dd4f47cbc1289cb057cf21e800