关键漏洞信息 Bug ID: 1677216 (CVE-2019-3832) 状态: Closed ERRATA 产品: Security Response 组件: vulnerability 版本: unspecified 操作系统: Linux 漏洞详情 描述: CVE-2019-3832 libsndfile: incomplete fix for CVE-2018-19758 still allows reading beyond buffer limits. The fix for CVE-2018-19758 is incomplete, and it still allows reading beyond the buffer limit in function wav_write_header() in wav.c. The function wav_write_header() iterates through the 'loops' array for an amount of times read from the file itself. However, this value is not correctly checked, and the library can read beyond the limits of the 'loops' array, potentially causing an application crash. 相关链接 上游问题: https://github.com/erikd/libsndfile/issues/456#issuecomment-463542436 修复PR: https://github.com/erikd/libsndfile/pull/460 上游补丁: https://github.com/erikd/libsndfile/commit/6d7ce94c020cc720a6b287