Описание
Security update for libsndfile
This update for libsndfile fixes the following issues:
Security issues fixed:
- CVE-2018-13139: Fix a stack-based buffer overflow in psf_memset in common.c that allows remote attackers to cause a denial of service (bsc#1100167).
- CVE-2017-17456: Prevent segmentation fault in the function d2alaw_array() that may have lead to a remote DoS (bsc#1071777)
- CVE-2017-17457: Prevent segmentation fault in the function d2ulaw_array() that may have lead to a remote DoS, a different vulnerability than CVE-2017-14246 (bsc#1071767)
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
Ссылки
- E-Mail link for openSUSE-SU-2018:2209-1
- SUSE Security Ratings
Описание
The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14245.
Затронутые продукты
Ссылки
- CVE-2017-17456
- SUSE Bug 1059912
- SUSE Bug 1071777
- SUSE Bug 1117906
Описание
The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14246.
Затронутые продукты
Ссылки
- CVE-2017-17457
- SUSE Bug 1059913
- SUSE Bug 1071767
- SUSE Bug 1117906
Описание
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave.
Затронутые продукты
Ссылки
- CVE-2018-13139
- SUSE Bug 1100167
- SUSE Bug 1116993