VYPR
Unrated severity · NVD Advisory · Published Sep 8, 2019 · Updated Aug 5, 2024

CVE-2019-16093

Description

A heap-buffer overflow in libmysofa 0.7 through the function readOHDRHeaderMessageDataLayout leads to a denial of service or unspecified impact.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

CVE-2019-16093 describes an invalid write vulnerability in libmysofa version 0.7, located in the function readOHDRHeaderMessageDataLayout in the file hdf/dataobject.c [1][2]. The bug occurs when processing a crafted SOFA file (AES69-2015 format). No special configuration is required beyond making libmysofa parse a maliciously crafted HRTF data file. Affected versions include libmysofa 0.7 and possibly earlier releases [1].

Exploitation

An attacker can trigger this by providing a specially crafted SOFA file to any application or service that uses the libmysofa library to read HRTF (Head-Related Transfer Function) data [1]. The attacker does not need network position beyond delivering the file (e.g., via email attachment, web upload, or direct file access). No authentication is required. The sequence involves the library calling readOHDRHeaderMessageDataLayout on the malformed input, leading to an out-of-bounds write on the heap [2].

Impact

The invalid write causes memory corruption, which can result in a denial of service (application crash) or potentially other unspecified impacts [1]. The exact extent of the impact beyond denial of service has not been detailed in the available references, but given the nature of a heap write, arbitrary code execution cannot be ruled out in some environments.

Mitigation

Ubuntu security notice USN-4473-1, released on 26 August 2020, addressed this vulnerability along with several others (CVE-2019-16091, CVE-2019-16092, CVE-2019-16094, CVE-2019-16095) [1]. Users should update the libmysofa package to the patched version provided in that update. For Ubuntu 18.04 LTS, the fix was made available through a standard system update [1]. No other official workarounds have been published. The upstream fix is identifiable in the repository commit range f571522...e07edb3 [2].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

2

News mentions

0

No linked articles in our index yet.