UbuntuUpdates.org

Package "libsndfile1-dev"

Name: libsndfile1-dev

Description:

Development files for libsndfile; a library for reading/writing audio files

Latest version: 1.0.25-10ubuntu0.16.04.3
Release: xenial (16.04)
Level: updates
Repository: main
Head package: libsndfile
Homepage: http://www.mega-nerd.com/libsndfile/

Other versions of "libsndfile1-dev" in Xenial

Repository Area Version
base main 1.0.25-10
security main 1.0.25-10ubuntu0.16.04.3

Changelog

Version: 1.0.25-10ubuntu0.16.04.3 2021-01-26 19:07:06 UTC

  libsndfile (1.0.25-10ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer overflow
    - debian/patches/CVE-2017-12562.patch: Size buffer correctly in
      src/common.c to prevent buffer overflows.
    - CVE-2017-12562

 -- Avital Ostromich <email address hidden> Thu, 14 Jan 2021 19:46:45 -0500

CVE-2017-12562 Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of

Version: 1.0.25-10ubuntu0.16.04.2 2019-06-10 16:06:48 UTC

  libsndfile (1.0.25-10ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/*.patch: sync multiple security patches with 1.0.28-6.
    - CVE-2017-6892, CVE-2017-14245, CVE-2017-14246, CVE-2017-14634,
      CVE-2017-16942, CVE-2017-17456, CVE-2017-17457, CVE-2018-13139,
      CVE-2018-19432, CVE-2018-19661, CVE-2018-19662, CVE-2018-19758,
      CVE-2019-3832

 -- Marc Deslauriers <email address hidden> Fri, 07 Jun 2019 14:35:20 -0400

CVE-2017-6892 In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access v
CVE-2017-14245 An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, relate
CVE-2017-14246 An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, relate
CVE-2017-14634 In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio
CVE-2017-16942 In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS wh
CVE-2017-17456 The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different
CVE-2017-17457 The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different
CVE-2018-13139 A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash)
CVE-2018-19432 An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a den
CVE-2018-19661 An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of servic
CVE-2018-19662 An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of servic
CVE-2018-19758 There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.
CVE-2019-3832 It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header(

Version: 1.0.25-10ubuntu0.16.04.1 2017-06-01 15:06:45 UTC

  libsndfile (1.0.25-10ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/*: synchronize security fixes with Debian's
      1.0.25-9.1+deb7u2 release. Thanks!
    - CVE-2017-7585, CVE-2017-7586, CVE-2017-7741, CVE-2017-7742,
      CVE-2017-8361, CVE-2017-8362, CVE-2017-8363, CVE-2017-8365

 -- Marc Deslauriers <email address hidden> Wed, 31 May 2017 09:38:37 -0400

CVE-2017-7585 In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a spe
CVE-2017-7586 In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffe
CVE-2017-7741 In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write me
CVE-2017-7742 In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read mem
CVE-2017-8361 The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application cr
CVE-2017-8362 The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash
CVE-2017-8363 The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and ap
CVE-2017-8365 The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash)


