SB2021081722 - SUSE update for libsndfile

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Stack-based buffer overflow (CVE-ID: CVE-2018-13139)

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists due to stack-based buffer overflow in psf_memset in common.c. A remote attacker can send a specially crafted audio file, trick the victim into opening it, trigger memory corruption and cause the service to crash.

2) NULL pointer dereference (CVE-ID: CVE-2018-19432)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to NULL pointer dereference in the function sf_write_int in sndfile.c. A remote attacker can trigger NULL pointer dereference and cause the service to crash.

3) Out-of-bounds read (CVE-ID: CVE-2018-19758)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer overread condition in the wav_write_headerfunction, as defined in the wav.c source code file. A remote attacker can trick the victim into following a custom link or opening a crafted audio file that submits malicious input, trigger memory corruption and perform a denial of service attack.

4) Heap-based buffer overflow (CVE-ID: CVE-2021-3246)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error msadpcm_decode_block() function of libsndfile. A remote attacker can trick the victim to open a specially crafted WAV file, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

References

• https://www.suse.com/support/update/announcement/2021/suse-su-20212764-1/