Описание
Security update for libsndfile
This update for libsndfile fixes the following issues:
Security issues fixed:
- CVE-2018-13139: Fix a stack-based buffer overflow in psf_memset in common.c that allows remote attackers to cause a denial of service (bsc#1100167).
- CVE-2017-17456: Prevent segmentation fault in the function d2alaw_array() that may have lead to a remote DoS (bsc#1071777)
- CVE-2017-17457: Prevent segmentation fault in the function d2ulaw_array() that may have lead to a remote DoS, a different vulnerability than CVE-2017-14246 (bsc#1071767)
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.3
Ссылки
- E-Mail link for openSUSE-SU-2018:2214-1
- SUSE Security Ratings
Описание
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14245. Reason: This candidate is a duplicate of CVE-2017-14245. Notes: All CVE users should reference CVE-2017-14245 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Затронутые продукты
Ссылки
- CVE-2017-17456
- SUSE Bug 1059912
- SUSE Bug 1071777
- SUSE Bug 1117906
Описание
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14246. Reason: This candidate is a duplicate of CVE-2017-14246. Notes: All CVE users should reference CVE-2017-14246 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Затронутые продукты
Ссылки
- CVE-2017-17457
- SUSE Bug 1059913
- SUSE Bug 1071767
- SUSE Bug 1117906
Описание
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave.
Затронутые продукты
Ссылки
- CVE-2018-13139
- SUSE Bug 1100167
- SUSE Bug 1116993