{"id":"CVE-2019-3832","details":"It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.","modified":"2026-05-15T12:04:01.367936425Z","published":"2019-03-21T16:01:04.797Z","database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"last_affected":"16.04"},{"last_affected":"18.04"},{"last_affected":"18.10"}],"vendor_product":"canonical:ubuntu_linux"},{"cpes":["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"last_affected":"9.0"}],"vendor_product":"debian:debian_linux"}]},"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202007-65"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4013-1/"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3832"},{"type":"FIX","url":"https://github.com/erikd/libsndfile/pull/460"},{"type":"EVIDENCE","url":"https://github.com/erikd/libsndfile/issues/456"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}