libsndfile is vulnerable to privilege escalation. The vulnerability exists through a buffer over-read in the function i2alaw_array in alaw.c.
CPE | Name | Operator | Version |
---|---|---|---|
libsndfile | eq | 1.0.28__8.el8 | |
libsndfile | eq | 1.0.25__11.el7 | |
libsndfile:3.5 | eq | 1.0.28-r3 |
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index
access.redhat.com/errata/RHSA-2020:1636
access.redhat.com/security/updates/classification/#moderate
github.com/erikd/libsndfile/issues/429
lists.debian.org/debian-lts-announce/2018/12/msg00016.html
lists.debian.org/debian-lts-announce/2020/10/msg00030.html
usn.ubuntu.com/4013-1/