CVE-2019-16092
Description
Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf that can be triggered by a crafted SOFA file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Symonics libmysofa version 0.7 contains a NULL pointer dereference vulnerability in the getHrtf function located in hrtf/reader.c. The flaw is triggered when the library processes a crafted SOFA (Spatially Oriented Format for Acoustics) file: a NULL pointer is dereferenced, causing a crash. The affected version is 0.7 [1].
Exploitation
An attacker can exploit this vulnerability by providing a specially crafted SOFA file to an application using libmysofa. No authentication is required; the attacker only needs to supply the malicious file to be parsed by the library. The exploitation does not require user interaction beyond opening the file [1].
Impact
Successful exploitation results in a denial of service (DoS) due to a NULL pointer dereference, causing the application to crash. This vulnerability does not lead to remote code execution or data leakage, as the crash is the primary outcome [1].
Mitigation
The issue was fixed in the commit range f571522...e07edb3 in the libmysofa repository, which was part of a series of commits around late August and early September 2019 [1]. Users should update to a version of libmysofa that includes this fix. As of now, no workaround is available other than avoiding untrusted SOFA files until the library is updated.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Symonics/libmysofa (source: description)
- osv-coords (2 versions): pkg:rpm/opensuse/libmysofa&distro=openSUSE%20Leap%2015.2, pkg:rpm/suse/libmysofa&distro=SUSE%20Package%20Hub%2015%20SP2; range: < 0.9.1-lp152.3.3.1 (+ 1 more)
- (no CPE) range: < 0.9.1-lp152.3.3.1
- (no CPE) range: < 0.9.1-bp152.4.3.1
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- usn.ubuntu.com/4473-1/ (mitre; vendor-advisory; x_refsource_UBUNTU)
- github.com/hoene/libmysofa/compare/f571522...e07edb3 (mitre; x_refsource_MISC)
News mentions
No linked articles in our index yet.