CVE-2019-16094
Description
libmysofa 0.7 contains an invalid read in readOHDRHeaderMessageDataLayout, potentially causing denial of service or other unspecified impact.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
libmysofa version 0.7 contains an invalid read vulnerability in the function readOHDRHeaderMessageDataLayout, located in hdf/dataobject.c. It occurs when parsing specially crafted SOFA (AES69-2015) files. The invalid read can be triggered without any special configuration beyond opening a malicious file. [1]
Exploitation
An attacker can exploit this vulnerability by providing a crafted SOFA file to an application using libmysofa. No authentication or special network position is required; the attack vector is local, or remote if the application processes user-supplied files. The invalid read occurs during parsing of the HDF data layout header. [1]
Impact
Successful exploitation could lead to a denial of service (application crash) or other unspecified impact, such as information disclosure. The exact impact depends on the memory layout and the application's error handling. [1]
Mitigation
The vulnerability is fixed in libmysofa versions after commit e07edb3 (2019-08-25). Ubuntu released updated packages in USN-4473-1 on 2020-08-26 for Ubuntu 18.04 LTS. Users should update to the latest version of libmysofa. [1][2]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
- Symonics/libmysofa (description)
- osv-coords, 2 versions: pkg:rpm/opensuse/libmysofa&distro=openSUSE%20Leap%2015.2, pkg:rpm/suse/libmysofa&distro=SUSE%20Package%20Hub%2015%20SP2; range: < 0.9.1-lp152.3.3.1 (+ 1 more)
- (no CPE) range: < 0.9.1-lp152.3.3.1
- (no CPE) range: < 0.9.1-bp152.4.3.1
Patches (0)
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (2)
- usn.ubuntu.com/4473-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- github.com/hoene/libmysofa/compare/f571522...e07edb3 (mitre, x_refsource_MISC)