logo
DATABASE RESOURCES PRICING ABOUT US

NewStart CGSL CORE 5.05 / MAIN 5.05 : libsndfile Multiple Vulnerabilities (NS-SA-2022-0045)

Description

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libsndfile packages installed that are affected by multiple vulnerabilities: - An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service. (CVE-2018-19662) - A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file. (CVE-2021-3246) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.


Related