logo
DATABASE RESOURCES PRICING ABOUT US

AlmaLinux 8 : libsndfile (ALSA-2020:1636)

Description

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2020:1636 advisory. - A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave. (CVE-2018-13139) - An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service. (CVE-2018-19662) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Related