ALT-PU-2024-16850-3

Package update audacity in branch c9f2

Version2.3.3-alt3

Published2024-12-16

Max severityHIGH

Severity:

Closed issues (3)

LOW3.3

Уязвимость компонента AudacityApp.cpp аудиоредактора звуковых файлов Audacity, связанная с настройками прав доступа по умолчанию, позволяющая нарушителю получить доступ к конфиденциальным данным

Published: 2024-09-13Modified: 2024-11-11

CVSS 3.xLOW 3.3

CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS 2.0LOW 2.1

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:N

References

CVE-2020-11867

CVE-2017-1000010

HIGH7.8

Audacity 2.1.2 through 2.3.2 is vulnerable to Dll HIjacking in the avformat-55.dll resulting arbitrary code execution.

Published: 2017-07-17Modified: 2026-05-13

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

LOW3.3

Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there.

Published: 2020-11-30Modified: 2024-11-21

CVSS 2.0LOW 2.1

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS 3.xLOW 3.3

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References