[3.5] libsndfile: Multiple vulnerabilities (CVE-2017-14245, CVE-2017-17456, CVE-2017-17457, CVE-2018-13139)
CVE-2017-14245: An out of bounds read in the function
d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead
to a remote DoS attack or information disclosure, related to mishandling
of the NAN and INFINITY floating-point values.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-14245
https://github.com/erikd/libsndfile/issues/317
CVE-2017-17456: The function d2alaw_array() in alaw.c of libsndfile
1.0.29pre1 may lead to a remote DoS attack
(SEGV on unknown address 0x000000000000), a different vulnerability than
CVE-2017-14245.
References:
https://github.com/erikd/libsndfile/issues/344
https://nvd.nist.gov/vuln/detail/CVE-2017-17456
CVE-2017-17457: The function d2ulaw_array() in ulaw.c of libsndfile
1.0.29pre1 may lead to a remote DoS attack
(SEGV on unknown address 0x000000000000), a different vulnerability than
CVE-2017-14246.
References:
https://github.com/erikd/libsndfile/issues/344
CVE-2018-13139: A stack-based buffer overflow in psf_memset in
common.c in libsndfile 1.0.28 allows remote
attackers to cause a denial of service (application crash) or possibly
have unspecified other impact via a crafted audio file.
The vulnerability can be triggered by the executable
sndfile-deinterleave.
References:
https://github.com/erikd/libsndfile/issues/397
https://nvd.nist.gov/vuln/detail/CVE-2018-13139
(from redmine: issue id 9236, created on 2018-08-13, closed on 2019-05-04)
- Relations:
- copied_to #9231
- parent #9231
- Changesets:
- Revision b67fcde7 on 2018-09-19T12:14:07Z:
main/libsndfile: security fix (CVE-2018-13139)
Partially fixes #9236
- Revision 90497e31 on 2018-12-31T10:12:49Z:
main/libsndfile: security fixes (CVE-2017-17456, CVE-2017-17457, CVE-2018-19661, CVE-2018-19662)
This is upstream commit 8ddc442d539ca775d80cdbc7af17a718634a743f
Partially fixes #9236