Advisories » MGASA-2020-0197

Updated libsndfile packages fix security vulnerabilities

Publication date: 05 May 2020
Modification date: 05 May 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2018-19661 , CVE-2018-19662

Description

Updated libsndfile packages fix security vulnerabilities:

An issue was discovered in libsndfile 1.0.28. There is a buffer over-read
in the function i2ulaw_array in ulaw.c that will lead to a denial of
service (CVE-2018-19661).

An issue was discovered in libsndfile 1.0.28. There is a buffer over-read
in the function i2alaw_array in alaw.c that will lead to a denial of
service (CVE-2018-19662).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26562
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19661
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19662

SRPMS

7/core

• libsndfile-1.0.28-8.2.mga7