SecuritySpace - CVE-2019-13351

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2019-13351

Description: posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 (as distributed with alsa-plugins 1.1.7 and later) has a "double file descriptor close" issue during a failed connection attempt when jackd2 is not running. Exploitation success depends on multithreaded timing of that double close, which can result in unintended information disclosure, crashes, or file corruption due to having the wrong file associated with the file descriptor.

Test IDs: 1.3.6.1.4.1.25623.1.1.12.2022.5656.1 1.3.6.1.4.1.25623.1.1.10.2020.0476

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2019-13351
https://github.com/jackaudio/jack2/pull/480
https://github.com/xbmc/xbmc/issues/16258

CVE ID:	CVE-2019-13351
Description:	posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 (as distributed with alsa-plugins 1.1.7 and later) has a "double file descriptor close" issue during a failed connection attempt when jackd2 is not running. Exploitation success depends on multithreaded timing of that double close, which can result in unintended information disclosure, crashes, or file corruption due to having the wrong file associated with the file descriptor.
Test IDs:	1.3.6.1.4.1.25623.1.1.12.2022.5656.1 1.3.6.1.4.1.25623.1.1.10.2020.0476
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2019-13351 https://github.com/jackaudio/jack2/pull/480 https://github.com/xbmc/xbmc/issues/16258