ID CVE-2018-17095
Summary An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert.
References
Vulnerable Configurations
  • cpe:2.3:a:audio_file_library_project:audio_file_library:0.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:audio_file_library_project:audio_file_library:0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:audio_file_library_project:audio_file_library:0.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:audio_file_library_project:audio_file_library:0.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:audio_file_library_project:audio_file_library:0.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:audio_file_library_project:audio_file_library:0.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:audio_file_library_project:audio_file_library:0.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:audio_file_library_project:audio_file_library:0.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:audio_file_library_project:audio_file_library:0.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:audio_file_library_project:audio_file_library:0.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:audio_file_library_project:audio_file_library:0.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:audio_file_library_project:audio_file_library:0.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:audio_file_library_project:audio_file_library:0.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:audio_file_library_project:audio_file_library:0.3.6:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
CVSS
Base: 6.8 (as of 09-02-2021 - 15:08)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
bugzilla
id 1631088
title CVE-2018-17095 audiofile: Heap-based buffer overflow in Expand3To4Module::run() when running sfconvert
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 7 is installed
      oval oval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • comment audiofile is earlier than 1:0.3.6-9.el7
          oval oval:com.redhat.rhsa:tst:20203877001
        • comment audiofile is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20203877002
      • AND
        • comment audiofile-devel is earlier than 1:0.3.6-9.el7
          oval oval:com.redhat.rhsa:tst:20203877003
        • comment audiofile-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20203877004
rhsa
id RHSA-2020:3877
released 2020-09-29
severity Moderate
title RHSA-2020:3877: audiofile security update (Moderate)
rpms
  • audiofile-1:0.3.6-9.el7
  • audiofile-debuginfo-1:0.3.6-9.el7
  • audiofile-devel-1:0.3.6-9.el7
refmap via4
misc
ubuntu USN-3800-1
Last major update 09-02-2021 - 15:08
Published 16-09-2018 - 21:29
Last modified 09-02-2021 - 15:08
Back to Top