Libsndfile 'sndfile.c' Denial of Service Vulnerability

Libsndfile is prone to a denial-of-service vulnerability.

Attackers can exploit this issue to cause denial-of-service conditions.

Information

Bugtraq ID: 105996
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2018-19432

Remote: Yes
Local: No
Published: Nov 22 2018 12:00AM
Updated: Nov 22 2018 12:00AM
Credit: Pedro Sampaio
Vulnerable: libsndfile libsndfile 1.0.28

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

libsndfile Homepage (libsndfile)
CVE-2018-19432 (Redhat)
CVE-2018-19432 libsndfile: Null pointer dereference in function sf_write_int in (Red Hat Bugzilla)
out of bounds read in sf_write_int (Github)

Source: www.securityfocus.com

Exploit Collector

Search Exploit