{
  "threat_severity" : "Low",
  "public_date" : "2018-11-22T00:00:00Z",
  "bugzilla" : {
    "description" : "libsndfile: OOB read in sf_write_int in sndfile.c",
    "id" : "1652566",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1652566"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.7",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-119",
  "details" : [ "An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service." ],
  "statement" : "This issue did not affect the versions of libsndfile as shipped with Red Hat Enterprise Linux 6. This issue affects the versions of libsndfile as shipped with Red Hat Enterprise Linux 7.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "libsndfile",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "libsndfile",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "libsndfile",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-19432\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19432" ],
  "name" : "CVE-2018-19432",
  "csaw" : false
}