A flaw was found in libsndfile 1.0.28. A stack-based buffer overflow when processing files with an unexpected number of channels within the sndfile-deinterlace utility can be exploited by attackers to cause a crash, or, possibly, execute arbitrary code. References: https://github.com/erikd/libsndfile/issues/397
Created libsndfile tracking bugs for this issue. Affects: fedora-all [bug 1598481]
Statement: This issue did not affect the versions of libsndfile as shipped with Red Hat Enterprise Linux 6. This issue affects the versions of libsndfile as shipped with Red Hat Enterprise Linux 7.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7, via RHSA-2020:1185: https://access.redhat.com/errata/RHSA-2020:1185
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-13139
This issue has been addressed in the following products: Red Hat Enterprise Linux 8, via RHSA-2020:1636: https://access.redhat.com/errata/RHSA-2020:1636