Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| audio_file_library_project | audio_file_library | * |
| canonical | ubuntu_linux | 15.04 |
| canonical | ubuntu_linux | 15.10 |
| canonical | ubuntu_linux | 12.04 |
| audiofile | audiofile | * |
| canonical | ubuntu_linux | 14.04 |
| fedoraproject | fedora | 23 |
The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| audiofile | audiofile | 0.3.6 |
| audio_file_library_project | audio_file_library | 0.3.6 |
| canonical | ubuntu_linux | 14.04 |
An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| audiofile | audiofile | 0.3.0 |
| audiofile | audiofile | 0.3.5 |
| audio_file_library_project | audio_file_library | 0.3.3 |
| audio_file_library_project | audio_file_library | 0.3.4 |
| audiofile | audiofile | 0.3.2 |
| canonical | ubuntu_linux | 14.04 |
| audiofile | audiofile | 0.3.4 |
| audio_file_library_project | audio_file_library | 0.3.0 |
| audio_file_library_project | audio_file_library | 0.3.5 |
| audio_file_library_project | audio_file_library | 0.3.1 |
| audiofile | audiofile | 0.3.6 |
| audiofile | audiofile | 0.3.1 |
| audio_file_library_project | audio_file_library | 0.3.6 |
| audiofile | audiofile | 0.3.3 |
| audio_file_library_project | audio_file_library | 0.3.2 |
In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| audiofile | audiofile | 0.3.6 |
| audio_file_library_project | audio_file_library | 0.3.6 |
| debian | debian_linux | 10.0 |
In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| audiofile | audiofile | 0.3.6 |
| fedoraproject | fedora | 39 |
| audio_file_library_project | audio_file_library | 0.3.6 |
| fedoraproject | fedora | 38 |
| debian | debian_linux | 10.0 |
| fedoraproject | fedora | 37 |