CVE-2018-13440 - The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in m

CVE-2018-13440

Summary

The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert.

References

Vulnerable Configurations

cpe:2.3:a:audio_file_library_project:audio_file_library:0.3.6:*:*:*:*:*:*:*
cpe:2.3:a:audio_file_library_project:audio_file_library:0.3.6:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

CVSS

Base:	4.3 (as of 13-04-2020 - 14:23)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

redhat via4

rpms

audiofile-1:0.3.6-9.el7
audiofile-debuginfo-1:0.3.6-9.el7
audiofile-devel-1:0.3.6-9.el7

refmap via4

misc	https://github.com/mpruett/audiofile/issues/49
ubuntu	USN-3800-1

Last major update

13-04-2020 - 14:23

Published

08-07-2018 - 16:29

Last modified

13-04-2020 - 14:23