posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 (as distributed with alsa-plugins 1.1.7 and later) has a "double file descriptor close" issue during a failed connection attempt when jackd2 is not running. Exploitation success depends on multithreaded timing of that double close, which can result in unintended information disclosure, crashes, or file corruption due to having the wrong file associated with the file descriptor.
References
Link | Resource |
---|---|
https://github.com/jackaudio/jack2/pull/480 | Patch Third Party Advisory |
https://github.com/xbmc/xbmc/issues/16258 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-07-05T19:20:39
Updated: 2019-07-05T19:20:39
Reserved: 2019-07-05T00:00:00
Link: CVE-2019-13351
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-07-05T20:15:14.200
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-13351
JSON object: View
Redhat Information
No data.
CWE