UbuntuUpdates.org

Package "libsndfile"

Name: libsndfile

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • Library for reading/writing audio files
  • Development files for libsndfile; a library for reading/writing audio files

Latest version: 1.0.28-4ubuntu0.18.04.2
Release: bionic (18.04)
Level: updates
Repository: main

Other versions of "libsndfile" in Bionic

Repository  Area      Version
base        main      1.0.28-4
base        universe  1.0.28-4
security    main      1.0.28-4ubuntu0.18.04.2
security    universe  1.0.28-4ubuntu0.18.04.2
updates     universe  1.0.28-4ubuntu0.18.04.2

Changelog

Version: 1.0.28-4ubuntu0.18.04.2 2021-07-29 03:06:22 UTC

  libsndfile (1.0.28-4ubuntu0.18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in msadpcm_decode_block allows
    arbitrary code execution via crafted WAV file.
    - debian/patches/CVE-2021-3246.patch: upstream patch to src/ms_adpcm.c
      to validate samples per block
    - CVE-2021-3246

 -- Alex Murray <email address hidden> Wed, 28 Jul 2021 10:22:45 +0930

CVE-2021-3246 A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file.

Version: 1.0.28-4ubuntu0.18.04.1 2019-06-10 16:06:57 UTC

  libsndfile (1.0.28-4ubuntu0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/*.patch: sync multiple security patches with 1.0.28-6.
    - CVE-2017-14245, CVE-2017-14246, CVE-2017-14634, CVE-2017-17456,
      CVE-2017-17457, CVE-2018-13139, CVE-2018-19432, CVE-2018-19661,
      CVE-2018-19662, CVE-2018-19758, CVE-2019-3832

 -- Marc Deslauriers <email address hidden> Fri, 07 Jun 2019 14:06:41 -0400

CVE-2017-14245 An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, relate
CVE-2017-14246 An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, relate
CVE-2017-14634 In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio
CVE-2017-17456 The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different
CVE-2017-17457 The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different
CVE-2018-13139 A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash)
CVE-2018-19432 An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a den
CVE-2018-19661 An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of servic
CVE-2018-19662 An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of servic
CVE-2018-19758 There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.
CVE-2019-3832 It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header(


