Package audiofile updated to version 0.3.6-alt3.c9f2.1 for branch c9f2 in task 309843.

Published: 2018-07-08
Modified: 2024-11-21

CVE-2018-13440

The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

https://github.com/mpruett/audiofile/issues/49
https://github.com/mpruett/audiofile/issues/49
USN-3800-1
USN-3800-1

Published: 2018-09-17
Modified: 2024-11-21

CVE-2018-17095

An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

https://github.com/mpruett/audiofile/issues/50
https://github.com/mpruett/audiofile/issues/50
https://github.com/mpruett/audiofile/issues/51
https://github.com/mpruett/audiofile/issues/51
USN-3800-1
USN-3800-1

Version: 2.1.0

Package audiofile update in c9f2 on 2022-11-16

ALT-PU-2022-3089-1

Closed vulnerabilities

CVE-2018-13440

CVE-2018-17095