{
  "threat_severity" : "Moderate",
  "public_date" : "2018-07-03T00:00:00Z",
  "bugzilla" : {
    "description" : "libsndfile: stack-based buffer overflow in sndfile-deinterleave utility",
    "id" : "1598480",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1598480"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.8",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-121",
  "details" : [ "A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave." ],
  "statement" : "This issue did not affect the versions of libsndfile as shipped with Red Hat Enterprise Linux 6. This issue affects the versions of libsndfile as shipped with Red Hat Enterprise Linux 7.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-03-31T00:00:00Z",
    "advisory" : "RHSA-2020:1185",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "libsndfile-0:1.0.25-11.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-04-28T00:00:00Z",
    "advisory" : "RHSA-2020:1636",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "libsndfile-0:1.0.28-10.el8"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "libsndfile",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "libsndfile",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-13139\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-13139" ],
  "name" : "CVE-2018-13139",
  "csaw" : false
}