CVE-2019-3832

2019-03-2020:00:27

CWE-125

redhat

www.cve.org

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

6.1 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.9%

JSON

It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.

CNA Affected

[
  {
    "product": "libsndfile",
    "vendor": "[UNKNOWN]",
    "versions": [
      {
        "status": "affected",
        "version": "NA"
      }
    ]
  }
]