Source: libmysofa
Version: 0.7~dfsg0-1
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

The following vulnerabilities were published for libmysofa.

CVE-2019-16091[0]:
| Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in
| hdf/fractalhead.c.

CVE-2019-16092[1]:
| Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in
| hrtf/reader.c.

CVE-2019-16093[2]:
| Symonics libmysofa 0.7 has an invalid write in
| readOHDRHeaderMessageDataLayout in hdf/dataobject.c.

CVE-2019-16094[3]:
| Symonics libmysofa 0.7 has an invalid read in
| readOHDRHeaderMessageDataLayout in hdf/dataobject.c.

CVE-2019-16095[4]:
| Symonics libmysofa 0.7 has an invalid read in getDimension in
| hrtf/reader.c.

Fixes seem all included in the range at [5].

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-16091
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16091
[1] https://security-tracker.debian.org/tracker/CVE-2019-16092
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16092
[2] https://security-tracker.debian.org/tracker/CVE-2019-16093
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16093
[3] https://security-tracker.debian.org/tracker/CVE-2019-16094
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16094
[4] https://security-tracker.debian.org/tracker/CVE-2019-16095
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16095
[5] https://github.com/hoene/libmysofa/compare/f571522...e07edb3

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore