CVE-2018-13139

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-13139

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-13139.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-13139

Downstream

DEBIAN-CVE-2018-13139

DLA-1618-1

RHSA-2020:1185

RHSA-2020:1636

SUSE-SU-2018:2065-1

SUSE-SU-2018:2074-1

SUSE-SU-2021:2615-1

SUSE-SU-2021:2764-1

UBUNTU-CVE-2018-13139

USN-4013-1

USN-4704-1

openSUSE-SU-2021:1166-1

openSUSE-SU-2021:2764-1

openSUSE-SU-2024:10992-1

Related

Published

2018-07-04T14:29:00Z

Modified

2025-09-19T09:22:28.336108Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave.

References

Affected packages

Alpine:v3.10

libsndfile

Package

Name: libsndfile
Purl: pkg:apk/alpine/libsndfile?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.28-r4

Affected versions

1.*

1.0.19-r0

1.0.20-r0

1.0.21-r0

1.0.21-r1

1.0.21-r2

1.0.21-r3

1.0.22-r0

1.0.23-r0

1.0.23-r1

1.0.24-r0

1.0.24-r1

1.0.25-r0

1.0.25-r1

1.0.25-r2

1.0.25-r3

1.0.26-r0

1.0.27-r0

1.0.28-r0

1.0.28-r1

1.0.28-r2

1.0.28-r3

Alpine:v3.11

libsndfile

Package

Name: libsndfile
Purl: pkg:apk/alpine/libsndfile?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.28-r4

Affected versions

1.*

1.0.19-r0

1.0.20-r0

1.0.21-r0

1.0.21-r1

1.0.21-r2

1.0.21-r3

1.0.22-r0

1.0.23-r0

1.0.23-r1

1.0.24-r0

1.0.24-r1

1.0.25-r0

1.0.25-r1

1.0.25-r2

1.0.25-r3

1.0.26-r0

1.0.27-r0

1.0.28-r0

1.0.28-r1

1.0.28-r2

1.0.28-r3

Alpine:v3.12

libsndfile

Package

Name: libsndfile
Purl: pkg:apk/alpine/libsndfile?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.28-r4

Affected versions

1.*

1.0.19-r0

1.0.20-r0

1.0.21-r0

1.0.21-r1

1.0.21-r2

1.0.21-r3

1.0.22-r0

1.0.23-r0

1.0.23-r1

1.0.24-r0

1.0.24-r1

1.0.25-r0

1.0.25-r1

1.0.25-r2

1.0.25-r3

1.0.26-r0

1.0.27-r0

1.0.28-r0

1.0.28-r1

1.0.28-r2

1.0.28-r3

Alpine:v3.13

libsndfile

Package

Name: libsndfile
Purl: pkg:apk/alpine/libsndfile?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.28-r4

Affected versions

1.*

1.0.19-r0

1.0.20-r0

1.0.21-r0

1.0.21-r1

1.0.21-r2

1.0.21-r3

1.0.22-r0

1.0.23-r0

1.0.23-r1

1.0.24-r0

1.0.24-r1

1.0.25-r0

1.0.25-r1

1.0.25-r2

1.0.25-r3

1.0.26-r0

1.0.27-r0

1.0.28-r0

1.0.28-r1

1.0.28-r2

1.0.28-r3

Alpine:v3.14

libsndfile

Package

Name: libsndfile
Purl: pkg:apk/alpine/libsndfile?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.28-r4

Affected versions

1.*

1.0.19-r0

1.0.20-r0

1.0.21-r0

1.0.21-r1

1.0.21-r2

1.0.21-r3

1.0.22-r0

1.0.23-r0

1.0.23-r1

1.0.24-r0

1.0.24-r1

1.0.25-r0

1.0.25-r1

1.0.25-r2

1.0.25-r3

1.0.26-r0

1.0.27-r0

1.0.28-r0

1.0.28-r1

1.0.28-r2

1.0.28-r3

Alpine:v3.15

libsndfile

Package

Name: libsndfile
Purl: pkg:apk/alpine/libsndfile?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.28-r4

Affected versions

1.*

1.0.19-r0

1.0.20-r0

1.0.21-r0

1.0.21-r1

1.0.21-r2

1.0.21-r3

1.0.22-r0

1.0.23-r0

1.0.23-r1

1.0.24-r0

1.0.24-r1

1.0.25-r0

1.0.25-r1

1.0.25-r2

1.0.25-r3

1.0.26-r0

1.0.27-r0

1.0.28-r0

1.0.28-r1

1.0.28-r2

1.0.28-r3

Alpine:v3.16

libsndfile

Package

Name: libsndfile
Purl: pkg:apk/alpine/libsndfile?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.28-r4

Affected versions

1.*

1.0.19-r0

1.0.20-r0

1.0.21-r0

1.0.21-r1

1.0.21-r2

1.0.21-r3

1.0.22-r0

1.0.23-r0

1.0.23-r1

1.0.24-r0

1.0.24-r1

1.0.25-r0

1.0.25-r1

1.0.25-r2

1.0.25-r3

1.0.26-r0

1.0.27-r0

1.0.28-r0

1.0.28-r1

1.0.28-r2

1.0.28-r3

Alpine:v3.17

libsndfile

Package

Name: libsndfile
Purl: pkg:apk/alpine/libsndfile?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.28-r4

Affected versions

1.*

1.0.19-r0

1.0.20-r0

1.0.21-r0

1.0.21-r1

1.0.21-r2

1.0.21-r3

1.0.22-r0

1.0.23-r0

1.0.23-r1

1.0.24-r0

1.0.24-r1

1.0.25-r0

1.0.25-r1

1.0.25-r2

1.0.25-r3

1.0.26-r0

1.0.27-r0

1.0.28-r0

1.0.28-r1

1.0.28-r2

1.0.28-r3

Alpine:v3.18

libsndfile

Package

Name: libsndfile
Purl: pkg:apk/alpine/libsndfile?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.28-r4

Affected versions

1.*

1.0.19-r0

1.0.20-r0

1.0.21-r0

1.0.21-r1

1.0.21-r2

1.0.21-r3

1.0.22-r0

1.0.23-r0

1.0.23-r1

1.0.24-r0

1.0.24-r1

1.0.25-r0

1.0.25-r1

1.0.25-r2

1.0.25-r3

1.0.26-r0

1.0.27-r0

1.0.28-r0

1.0.28-r1

1.0.28-r2

1.0.28-r3

Alpine:v3.19

libsndfile

Package

Name: libsndfile
Purl: pkg:apk/alpine/libsndfile?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.28-r4

Affected versions

1.*

1.0.19-r0

1.0.20-r0

1.0.21-r0

1.0.21-r1

1.0.21-r2

1.0.21-r3

1.0.22-r0

1.0.23-r0

1.0.23-r1

1.0.24-r0

1.0.24-r1

1.0.25-r0

1.0.25-r1

1.0.25-r2

1.0.25-r3

1.0.26-r0

1.0.27-r0

1.0.28-r0

1.0.28-r1

1.0.28-r2

1.0.28-r3

Alpine:v3.20

libsndfile

Package

Name: libsndfile
Purl: pkg:apk/alpine/libsndfile?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.28-r4

Affected versions

1.*

1.0.19-r0

1.0.20-r0

1.0.21-r0

1.0.21-r1

1.0.21-r2

1.0.21-r3

1.0.22-r0

1.0.23-r0

1.0.23-r1

1.0.24-r0

1.0.24-r1

1.0.25-r0

1.0.25-r1

1.0.25-r2

1.0.25-r3

1.0.26-r0

1.0.27-r0

1.0.28-r0

1.0.28-r1

1.0.28-r2

1.0.28-r3

Alpine:v3.21

libsndfile

Package

Name: libsndfile
Purl: pkg:apk/alpine/libsndfile?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.28-r4

Affected versions

1.*

1.0.19-r0

1.0.20-r0

1.0.21-r0

1.0.21-r1

1.0.21-r2

1.0.21-r3

1.0.22-r0

1.0.23-r0

1.0.23-r1

1.0.24-r0

1.0.24-r1

1.0.25-r0

1.0.25-r1

1.0.25-r2

1.0.25-r3

1.0.26-r0

1.0.27-r0

1.0.28-r0

1.0.28-r1

1.0.28-r2

1.0.28-r3

Alpine:v3.22

libsndfile

Package

Name: libsndfile
Purl: pkg:apk/alpine/libsndfile?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.28-r4

Affected versions

1.*

1.0.19-r0

1.0.20-r0

1.0.21-r0

1.0.21-r1

1.0.21-r2

1.0.21-r3

1.0.22-r0

1.0.23-r0

1.0.23-r1

1.0.24-r0

1.0.24-r1

1.0.25-r0

1.0.25-r1

1.0.25-r2

1.0.25-r3

1.0.26-r0

1.0.27-r0

1.0.28-r0

1.0.28-r1

1.0.28-r2

1.0.28-r3

Alpine:v3.5

libsndfile

Package

Name: libsndfile
Purl: pkg:apk/alpine/libsndfile?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.28-r3

Affected versions

1.*

1.0.19-r0

1.0.20-r0

1.0.21-r0

1.0.21-r1

1.0.21-r2

1.0.21-r3

1.0.22-r0

1.0.23-r0

1.0.23-r1

1.0.24-r0

1.0.24-r1

1.0.25-r0

1.0.25-r1

1.0.25-r2

1.0.25-r3

1.0.26-r0

1.0.27-r0

1.0.28-r0

1.0.28-r1

1.0.28-r2

Alpine:v3.6

libsndfile

Package

Name: libsndfile
Purl: pkg:apk/alpine/libsndfile?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.28-r3

Affected versions

1.*

1.0.19-r0

1.0.20-r0

1.0.21-r0

1.0.21-r1

1.0.21-r2

1.0.21-r3

1.0.22-r0

1.0.23-r0

1.0.23-r1

1.0.24-r0

1.0.24-r1

1.0.25-r0

1.0.25-r1

1.0.25-r2

1.0.25-r3

1.0.26-r0

1.0.27-r0

1.0.28-r0

1.0.28-r1

1.0.28-r2

Alpine:v3.7

libsndfile

Package

Name: libsndfile
Purl: pkg:apk/alpine/libsndfile?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.28-r3

Affected versions

1.*

1.0.19-r0

1.0.20-r0

1.0.21-r0

1.0.21-r1

1.0.21-r2

1.0.21-r3

1.0.22-r0

1.0.23-r0

1.0.23-r1

1.0.24-r0

1.0.24-r1

1.0.25-r0

1.0.25-r1

1.0.25-r2

1.0.25-r3

1.0.26-r0

1.0.27-r0

1.0.28-r0

1.0.28-r1

1.0.28-r2

Alpine:v3.8

libsndfile

Package

Name: libsndfile
Purl: pkg:apk/alpine/libsndfile?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.28-r4

Affected versions

1.*

1.0.19-r0

1.0.20-r0

1.0.21-r0

1.0.21-r1

1.0.21-r2

1.0.21-r3

1.0.22-r0

1.0.23-r0

1.0.23-r1

1.0.24-r0

1.0.24-r1

1.0.25-r0

1.0.25-r1

1.0.25-r2

1.0.25-r3

1.0.26-r0

1.0.27-r0

1.0.28-r0

1.0.28-r1

1.0.28-r2

1.0.28-r3

Alpine:v3.9

libsndfile

Package

Name: libsndfile
Purl: pkg:apk/alpine/libsndfile?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.28-r4

Affected versions

1.*

1.0.19-r0

1.0.20-r0

1.0.21-r0

1.0.21-r1

1.0.21-r2

1.0.21-r3

1.0.22-r0

1.0.23-r0

1.0.23-r1

1.0.24-r0

1.0.24-r1

1.0.25-r0

1.0.25-r1

1.0.25-r2

1.0.25-r3

1.0.26-r0

1.0.27-r0

1.0.28-r0

1.0.28-r1

1.0.28-r2

1.0.28-r3

Git

github.com/erikd/libsndfile

Affected ranges

Type: GIT
Repo: https://github.com/erikd/libsndfile
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

1d928bffdb65e827c3e7d17ece0e123b4a70ec6c

Affected versions

1.*

1.0.25

1.0.26

1.0.27

1.0.28