Package "libsndfile"
Name: |
libsndfile
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- Sample programs that use libsndfile
|
Latest version: |
1.0.28-4ubuntu0.18.04.2 |
Release: |
bionic (18.04) |
Level: |
security |
Repository: |
universe |
Links
Other versions of "libsndfile" in Bionic
Packages in group
Deleted packages are displayed in grey.
Changelog
libsndfile (1.0.28-4ubuntu0.18.04.2) bionic-security; urgency=medium
* SECURITY UPDATE: heap buffer overflow in msadpcm_decode_block allows
arbitrary code execution via crafted WAV file.
- debian/patches/CVE-2021-3246.patch: upstream patch to src/ms_adpcm.c
to validate samples per block
- CVE-2021-3246
-- Alex Murray <email address hidden> Wed, 28 Jul 2021 10:22:45 +0930
|
Source diff to previous version |
CVE-2021-3246 |
A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file. |
|
libsndfile (1.0.28-4ubuntu0.18.04.1) bionic-security; urgency=medium
* SECURITY UPDATE: multiple security issues
- debian/patches/*.patch: sync multiple security patches with 1.0.28-6.
- CVE-2017-14245, CVE-2017-14246, CVE-2017-14634, CVE-2017-17456,
CVE-2017-17457, CVE-2018-13139, CVE-2018-19432, CVE-2018-19661,
CVE-2018-19662, CVE-2018-19758, CVE-2019-3832
-- Marc Deslauriers <email address hidden> Fri, 07 Jun 2019 14:06:41 -0400
|
CVE-2017-14245 |
An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, relate |
CVE-2017-14246 |
An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, relate |
CVE-2017-14634 |
In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio |
CVE-2017-17456 |
The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different |
CVE-2017-17457 |
The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different |
CVE-2018-13139 |
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) |
CVE-2018-19432 |
An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a den |
CVE-2018-19661 |
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of servic |
CVE-2018-19662 |
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of servic |
CVE-2018-19758 |
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. |
CVE-2019-3832 |
It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header( |
|
About
-
Send Feedback to @ubuntu_updates