MidnightBSD

Advisories for aubio

CVE-2017-17054 MEDIUM

In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when playing a crafted audio file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
aubio aubio 0.4.6
CVE-2017-17554 MEDIUM

A NULL pointer dereference (DoS) Vulnerability was found in the function aubio_source_avcodec_readframe in io/source_avcodec.c of aubio 0.4.6, which may lead to DoS when playing a crafted audio file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
aubio aubio 0.4.6
CVE-2017-17555 MEDIUM

The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 3.4.1
ffmpeg libswresample *
aubio aubio 0.4.6
CVE-2018-14521 MEDIUM

An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_source_avcodec_readframe in io/source_avcodec.c, as demonstrated by aubiomfcc.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
aubio aubio 0.4.6
CVE-2018-14522 MEDIUM

An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
suse linux_enterprise 15.0
opensuse leap 42.3
opensuse leap 15.0
aubio aubio 0.4.6
CVE-2018-14523 MEDIUM

An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
suse linux_enterprise 15.0
opensuse leap 42.3
opensuse leap 15.0
aubio aubio 0.4.6
CVE-2018-19800 HIGH

aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
aubio aubio *
CVE-2018-19801 MEDIUM

aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
aubio aubio *
CVE-2018-19802 MEDIUM

aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
aubio aubio *