CVE-2019-3832

medium

Description

It was discovered that the fix for CVE-2018-19758 (libsndfile) was incomplete and still allows a read beyond the limits of a buffer in the wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3832

https://github.com/erikd/libsndfile/issues/456

https://github.com/erikd/libsndfile/pull/460

https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html

https://security.gentoo.org/glsa/202007-65

https://usn.ubuntu.com/4013-1/

Details

Source: MITRE

Published: 2019-03-21

Updated: 2020-10-29

Type: CWE-125

Risk Information

CVSS v2

Base Score: 1.9

Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 3.4

Severity: LOW

CVSS v3

Base Score: 5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.3

Severity: MEDIUM

Tenable Plugins

ID | Name | Product | Family | Severity
146681 | EulerOS 2.0 SP2 : libsndfile (EulerOS-SA-2021-1319) | Nessus | Huawei Local Security Checks | medium
145464 | Ubuntu 16.04 LTS : libsndfile vulnerabilities (USN-4704-1) | Nessus | Ubuntu Local Security Checks | critical
142545 | EulerOS Virtualization 3.0.6.6 : libsndfile (EulerOS-SA-2020-2469) | Nessus | Huawei Local Security Checks | medium
142107 | Debian DLA-2418-1 : libsndfile security update | Nessus | Debian Local Security Checks | high
142084 | EulerOS 2.0 SP5 : libsndfile (EulerOS-SA-2020-2254) | Nessus | Huawei Local Security Checks | medium
140861 | EulerOS 2.0 SP3 : libsndfile (EulerOS-SA-2020-2094) | Nessus | Huawei Local Security Checks | medium
139273 | GLSA-202007-65 : libsndfile: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high
131516 | EulerOS Virtualization for ARM 64 3.0.3.0 : libsndfile (EulerOS-SA-2019-2351) | Nessus | Huawei Local Security Checks | critical
125812 | Ubuntu 16.04 LTS / 18.04 LTS / 18.10 : libsndfile vulnerabilities (USN-4013-1) | Nessus | Ubuntu Local Security Checks | high
122827 | Debian DLA-1712-1 : libsndfile security update | Nessus | Debian Local Security Checks | medium