MidnightBSD

Advisories for audio_file_library_project

CVE-2015-7747 MEDIUM

Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
audio_file_library_project audio_file_library *
canonical ubuntu_linux 15.04
canonical ubuntu_linux 15.10
canonical ubuntu_linux 12.04
audiofile audiofile *
canonical ubuntu_linux 14.04
fedoraproject fedora 23
CVE-2018-13440 MEDIUM

The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
audiofile audiofile 0.3.6
audio_file_library_project audio_file_library 0.3.6
canonical ubuntu_linux 14.04
CVE-2018-17095 MEDIUM

An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
audiofile audiofile 0.3.0
audiofile audiofile 0.3.5
audio_file_library_project audio_file_library 0.3.3
audio_file_library_project audio_file_library 0.3.4
audiofile audiofile 0.3.2
canonical ubuntu_linux 14.04
audiofile audiofile 0.3.4
audio_file_library_project audio_file_library 0.3.0
audio_file_library_project audio_file_library 0.3.5
audio_file_library_project audio_file_library 0.3.1
audiofile audiofile 0.3.6
audiofile audiofile 0.3.1
audio_file_library_project audio_file_library 0.3.6
audiofile audiofile 0.3.3
audio_file_library_project audio_file_library 0.3.2
CVE-2019-13147 MEDIUM

In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
audiofile audiofile 0.3.6
audio_file_library_project audio_file_library 0.3.6
debian debian_linux 10.0
CVE-2022-24599 MEDIUM

In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
audiofile audiofile 0.3.6
fedoraproject fedora 39
audio_file_library_project audio_file_library 0.3.6
fedoraproject fedora 38
debian debian_linux 10.0
fedoraproject fedora 37