Vulnerabilites related to audiofile - audiofile
CVE-2015-7747 (GCVE-0-2015-7747)
Vulnerability from cvelistv5
Published
2020-02-19 20:27
Modified
2024-08-06 07:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ubuntu.com/usn/USN-2787-1 | x_refsource_MISC | |
| https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2015/10/06/2 | x_refsource_MISC | |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170387.html | x_refsource_MISC | |
| https://www.openwall.com/lists/oss-security/2015/10/08/1 | x_refsource_MISC | |
| https://github.com/ccrisan/motioneyeos/blob/master/package/audiofile/0008-CVE-2015-7747.patch | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2787-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/06/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170387.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2015/10/08/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ccrisan/motioneyeos/blob/master/package/audiofile/0008-CVE-2015-7747.patch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-19T20:27:49",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ubuntu.com/usn/USN-2787-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/06/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170387.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2015/10/08/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ccrisan/motioneyeos/blob/master/package/audiofile/0008-CVE-2015-7747.patch"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7747",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ubuntu.com/usn/USN-2787-1",
"refsource": "MISC",
"url": "http://www.ubuntu.com/usn/USN-2787-1"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721"
},
{
"name": "http://www.openwall.com/lists/oss-security/2015/10/06/2",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2015/10/06/2"
},
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170387.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170387.html"
},
{
"name": "https://www.openwall.com/lists/oss-security/2015/10/08/1",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2015/10/08/1"
},
{
"name": "https://github.com/ccrisan/motioneyeos/blob/master/package/audiofile/0008-CVE-2015-7747.patch",
"refsource": "MISC",
"url": "https://github.com/ccrisan/motioneyeos/blob/master/package/audiofile/0008-CVE-2015-7747.patch"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7747",
"datePublished": "2020-02-19T20:27:49",
"dateReserved": "2015-10-07T00:00:00",
"dateUpdated": "2024-08-06T07:58:59.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-13440 (GCVE-0-2018-13440)
Vulnerability from cvelistv5
Published
2018-07-08 16:00
Modified
2024-08-05 09:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mpruett/audiofile/issues/49 | x_refsource_MISC | |
| https://usn.ubuntu.com/3800-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:00:35.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mpruett/audiofile/issues/49"
},
{
"name": "USN-3800-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3800-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-25T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mpruett/audiofile/issues/49"
},
{
"name": "USN-3800-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3800-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13440",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mpruett/audiofile/issues/49",
"refsource": "MISC",
"url": "https://github.com/mpruett/audiofile/issues/49"
},
{
"name": "USN-3800-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3800-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-13440",
"datePublished": "2018-07-08T16:00:00",
"dateReserved": "2018-07-08T00:00:00",
"dateUpdated": "2024-08-05T09:00:35.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13147 (GCVE-0-2019-13147)
Vulnerability from cvelistv5
Published
2019-07-01 00:00
Modified
2024-08-04 23:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mpruett/audiofile/issues/54"
},
{
"name": "[debian-lts-announce] 20231112 [SECURITY] [DLA 3650-1] audiofile security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-12T23:06:13.885652",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/mpruett/audiofile/issues/54"
},
{
"name": "[debian-lts-announce] 20231112 [SECURITY] [DLA 3650-1] audiofile security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00006.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13147",
"datePublished": "2019-07-01T00:00:00",
"dateReserved": "2019-07-01T00:00:00",
"dateUpdated": "2024-08-04T23:41:10.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6834 (GCVE-0-2017-6834)
Vulnerability from cvelistv5
Published
2017-03-20 16:00
Modified
2024-08-05 15:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mpruett/audiofile/pull/42 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2017/03/13/6 | mailing-list, x_refsource_MLIST | |
| https://github.com/mpruett/audiofile/issues/38 | x_refsource_MISC | |
| http://www.debian.org/security/2017/dsa-3814 | vendor-advisory, x_refsource_DEBIAN | |
| https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:41:17.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mpruett/audiofile/pull/42"
},
{
"name": "[oss-security] 20170313 Re: audiofile: heap-based buffer overflow in ulaw2linear_buf (G711.cpp)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mpruett/audiofile/issues/38"
},
{
"name": "DSA-3814",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-29T21:35:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mpruett/audiofile/pull/42"
},
{
"name": "[oss-security] 20170313 Re: audiofile: heap-based buffer overflow in ulaw2linear_buf (G711.cpp)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mpruett/audiofile/issues/38"
},
{
"name": "DSA-3814",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mpruett/audiofile/pull/42",
"refsource": "MISC",
"url": "https://github.com/mpruett/audiofile/pull/42"
},
{
"name": "[oss-security] 20170313 Re: audiofile: heap-based buffer overflow in ulaw2linear_buf (G711.cpp)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/6"
},
{
"name": "https://github.com/mpruett/audiofile/issues/38",
"refsource": "MISC",
"url": "https://github.com/mpruett/audiofile/issues/38"
},
{
"name": "DSA-3814",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"name": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6834",
"datePublished": "2017-03-20T16:00:00",
"dateReserved": "2017-03-12T00:00:00",
"dateUpdated": "2024-08-05T15:41:17.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6839 (GCVE-0-2017-6839)
Vulnerability from cvelistv5
Published
2017-03-20 16:00
Modified
2024-08-05 15:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3814 | vendor-advisory, x_refsource_DEBIAN | |
| https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2017/03/13/9 | mailing-list, x_refsource_MLIST | |
| https://github.com/mpruett/audiofile/issues/41 | x_refsource_MISC | |
| https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:41:17.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3814",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9"
},
{
"name": "[oss-security] 20170313 Re: audiofile: multiple ubsan crashes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mpruett/audiofile/issues/41"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3814",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9"
},
{
"name": "[oss-security] 20170313 Re: audiofile: multiple ubsan crashes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mpruett/audiofile/issues/41"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3814",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"name": "https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9",
"refsource": "MISC",
"url": "https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9"
},
{
"name": "[oss-security] 20170313 Re: audiofile: multiple ubsan crashes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/9"
},
{
"name": "https://github.com/mpruett/audiofile/issues/41",
"refsource": "MISC",
"url": "https://github.com/mpruett/audiofile/issues/41"
},
{
"name": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6839",
"datePublished": "2017-03-20T16:00:00",
"dateReserved": "2017-03-12T00:00:00",
"dateUpdated": "2024-08-05T15:41:17.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6829 (GCVE-0-2017-6829)
Vulnerability from cvelistv5
Published
2017-03-20 16:00
Modified
2024-08-05 15:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mpruett/audiofile/issues/33 | x_refsource_MISC | |
| http://www.debian.org/security/2017/dsa-3814 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/97189 | vdb-entry, x_refsource_BID | |
| https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp/ | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2017/03/13/1 | mailing-list, x_refsource_MLIST | |
| https://github.com/antlarr/audiofile/commit/25eb00ce913452c2e614548d7df93070bf0d066f | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:41:17.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mpruett/audiofile/issues/33"
},
{
"name": "DSA-3814",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"name": "97189",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97189"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp/"
},
{
"name": "[oss-security] 20170313 Re: audiofile: global buffer overflow in decodeSample (IMA.cpp)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/antlarr/audiofile/commit/25eb00ce913452c2e614548d7df93070bf0d066f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mpruett/audiofile/issues/33"
},
{
"name": "DSA-3814",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"name": "97189",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97189"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp/"
},
{
"name": "[oss-security] 20170313 Re: audiofile: global buffer overflow in decodeSample (IMA.cpp)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/antlarr/audiofile/commit/25eb00ce913452c2e614548d7df93070bf0d066f"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mpruett/audiofile/issues/33",
"refsource": "MISC",
"url": "https://github.com/mpruett/audiofile/issues/33"
},
{
"name": "DSA-3814",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"name": "97189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97189"
},
{
"name": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp/"
},
{
"name": "[oss-security] 20170313 Re: audiofile: global buffer overflow in decodeSample (IMA.cpp)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/1"
},
{
"name": "https://github.com/antlarr/audiofile/commit/25eb00ce913452c2e614548d7df93070bf0d066f",
"refsource": "MISC",
"url": "https://github.com/antlarr/audiofile/commit/25eb00ce913452c2e614548d7df93070bf0d066f"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6829",
"datePublished": "2017-03-20T16:00:00",
"dateReserved": "2017-03-12T00:00:00",
"dateUpdated": "2024-08-05T15:41:17.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6835 (GCVE-0-2017-6835)
Vulnerability from cvelistv5
Published
2017-03-20 16:00
Modified
2024-08-05 15:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mpruett/audiofile/pull/42 | x_refsource_MISC | |
| http://www.debian.org/security/2017/dsa-3814 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.openwall.com/lists/oss-security/2017/03/13/7 | mailing-list, x_refsource_MLIST | |
| https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp/ | x_refsource_MISC | |
| https://github.com/mpruett/audiofile/issues/39 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:41:17.740Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mpruett/audiofile/pull/42"
},
{
"name": "DSA-3814",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"name": "[oss-security] 20170313 Re: audiofile: divide-by-zero in BlockCodec::reset1 (BlockCodec.cpp)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mpruett/audiofile/issues/39"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mpruett/audiofile/pull/42"
},
{
"name": "DSA-3814",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"name": "[oss-security] 20170313 Re: audiofile: divide-by-zero in BlockCodec::reset1 (BlockCodec.cpp)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mpruett/audiofile/issues/39"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mpruett/audiofile/pull/42",
"refsource": "MISC",
"url": "https://github.com/mpruett/audiofile/pull/42"
},
{
"name": "DSA-3814",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"name": "[oss-security] 20170313 Re: audiofile: divide-by-zero in BlockCodec::reset1 (BlockCodec.cpp)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/7"
},
{
"name": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp/"
},
{
"name": "https://github.com/mpruett/audiofile/issues/39",
"refsource": "MISC",
"url": "https://github.com/mpruett/audiofile/issues/39"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6835",
"datePublished": "2017-03-20T16:00:00",
"dateReserved": "2017-03-12T00:00:00",
"dateUpdated": "2024-08-05T15:41:17.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6837 (GCVE-0-2017-6837)
Vulnerability from cvelistv5
Published
2017-03-20 16:00
Modified
2024-08-05 15:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/97314 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2017/dsa-3814 | vendor-advisory, x_refsource_DEBIAN | |
| https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2017/03/13/9 | mailing-list, x_refsource_MLIST | |
| https://github.com/mpruett/audiofile/issues/41 | x_refsource_MISC | |
| https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:41:17.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97314",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97314"
},
{
"name": "DSA-3814",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0"
},
{
"name": "[oss-security] 20170313 Re: audiofile: multiple ubsan crashes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mpruett/audiofile/issues/41"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "97314",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97314"
},
{
"name": "DSA-3814",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0"
},
{
"name": "[oss-security] 20170313 Re: audiofile: multiple ubsan crashes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mpruett/audiofile/issues/41"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97314",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97314"
},
{
"name": "DSA-3814",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"name": "https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0",
"refsource": "MISC",
"url": "https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0"
},
{
"name": "[oss-security] 20170313 Re: audiofile: multiple ubsan crashes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/9"
},
{
"name": "https://github.com/mpruett/audiofile/issues/41",
"refsource": "MISC",
"url": "https://github.com/mpruett/audiofile/issues/41"
},
{
"name": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6837",
"datePublished": "2017-03-20T16:00:00",
"dateReserved": "2017-03-12T00:00:00",
"dateUpdated": "2024-08-05T15:41:17.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24599 (GCVE-0-2022-24599)
Vulnerability from cvelistv5
Published
2022-02-22 00:00
Modified
2024-08-03 04:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:13:56.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mpruett/audiofile/issues/60"
},
{
"name": "[debian-lts-announce] 20231112 [SECURITY] [DLA 3650-1] audiofile security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00006.html"
},
{
"name": "FEDORA-2023-47d4f575a3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZPG27YKICLIWUFOPVUOAFAZGOX4BNHY/"
},
{
"name": "FEDORA-2023-e23e432cb2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTETOUJNRR75REYJZTBGF6TAJZYTMXUY/"
},
{
"name": "FEDORA-2023-07669abb35",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4JXZ6QAMA3TSRY6GUZRY3WTHR7P5TPH/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn\u0027t use zero bytes to truncate the data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-22T03:06:16.009155",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/mpruett/audiofile/issues/60"
},
{
"name": "[debian-lts-announce] 20231112 [SECURITY] [DLA 3650-1] audiofile security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00006.html"
},
{
"name": "FEDORA-2023-47d4f575a3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZPG27YKICLIWUFOPVUOAFAZGOX4BNHY/"
},
{
"name": "FEDORA-2023-e23e432cb2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTETOUJNRR75REYJZTBGF6TAJZYTMXUY/"
},
{
"name": "FEDORA-2023-07669abb35",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4JXZ6QAMA3TSRY6GUZRY3WTHR7P5TPH/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24599",
"datePublished": "2022-02-22T00:00:00",
"dateReserved": "2022-02-07T00:00:00",
"dateUpdated": "2024-08-03T04:13:56.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6828 (GCVE-0-2017-6828)
Vulnerability from cvelistv5
Published
2017-03-15 14:00
Modified
2024-08-05 15:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted WAV file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-readvalue-filehandle-cpp/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/97183 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2017/dsa-3814 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:41:17.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-readvalue-filehandle-cpp/"
},
{
"name": "97183",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97183"
},
{
"name": "DSA-3814",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted WAV file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-readvalue-filehandle-cpp/"
},
{
"name": "97183",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97183"
},
{
"name": "DSA-3814",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted WAV file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-readvalue-filehandle-cpp/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-readvalue-filehandle-cpp/"
},
{
"name": "97183",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97183"
},
{
"name": "DSA-3814",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3814"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6828",
"datePublished": "2017-03-15T14:00:00",
"dateReserved": "2017-03-12T00:00:00",
"dateUpdated": "2024-08-05T15:41:17.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6833 (GCVE-0-2017-6833)
Vulnerability from cvelistv5
Published
2017-03-20 16:00
Modified
2024-08-05 15:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2017/03/13/5 | mailing-list, x_refsource_MLIST | |
| https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp/ | x_refsource_MISC | |
| https://github.com/mpruett/audiofile/pull/42 | x_refsource_MISC | |
| http://www.debian.org/security/2017/dsa-3814 | vendor-advisory, x_refsource_DEBIAN | |
| https://github.com/mpruett/audiofile/issues/37 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:41:17.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20170313 Re: audiofile: divide-by-zero in BlockCodec::runPull (BlockCodec.cpp)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mpruett/audiofile/pull/42"
},
{
"name": "DSA-3814",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mpruett/audiofile/issues/37"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20170313 Re: audiofile: divide-by-zero in BlockCodec::runPull (BlockCodec.cpp)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mpruett/audiofile/pull/42"
},
{
"name": "DSA-3814",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mpruett/audiofile/issues/37"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170313 Re: audiofile: divide-by-zero in BlockCodec::runPull (BlockCodec.cpp)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/5"
},
{
"name": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp/"
},
{
"name": "https://github.com/mpruett/audiofile/pull/42",
"refsource": "MISC",
"url": "https://github.com/mpruett/audiofile/pull/42"
},
{
"name": "DSA-3814",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"name": "https://github.com/mpruett/audiofile/issues/37",
"refsource": "MISC",
"url": "https://github.com/mpruett/audiofile/issues/37"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6833",
"datePublished": "2017-03-20T16:00:00",
"dateReserved": "2017-03-12T00:00:00",
"dateUpdated": "2024-08-05T15:41:17.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-18781 (GCVE-0-2020-18781)
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-10-04 16:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0.3.6 may cause denial-of-service via a crafted wav file, this bug can be triggered by the executable sfconvert.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:30.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mpruett/audiofile/issues/56"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-18781",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T16:33:41.595245Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T16:35:09.812Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0.3.6 may cause denial-of-service via a crafted wav file, this bug can be triggered by the executable sfconvert."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-22T15:44:22.145818",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/mpruett/audiofile/issues/56"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-18781",
"datePublished": "2023-08-22T00:00:00",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-10-04T16:35:09.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6832 (GCVE-0-2017-6832)
Vulnerability from cvelistv5
Published
2017-03-20 16:00
Modified
2024-08-05 15:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mpruett/audiofile/pull/42 | x_refsource_MISC | |
| https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/97589 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2017/dsa-3814 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.openwall.com/lists/oss-security/2017/03/13/4 | mailing-list, x_refsource_MLIST | |
| https://github.com/mpruett/audiofile/issues/36 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:41:17.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mpruett/audiofile/pull/42"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp/"
},
{
"name": "97589",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97589"
},
{
"name": "DSA-3814",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"name": "[oss-security] 20170313 Re: audiofile: heap-based buffer overflow in MSADPCM::decodeBlock (MSADPCM.cpp)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mpruett/audiofile/issues/36"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-29T22:59:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mpruett/audiofile/pull/42"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp/"
},
{
"name": "97589",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97589"
},
{
"name": "DSA-3814",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"name": "[oss-security] 20170313 Re: audiofile: heap-based buffer overflow in MSADPCM::decodeBlock (MSADPCM.cpp)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mpruett/audiofile/issues/36"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mpruett/audiofile/pull/42",
"refsource": "MISC",
"url": "https://github.com/mpruett/audiofile/pull/42"
},
{
"name": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp/"
},
{
"name": "97589",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97589"
},
{
"name": "DSA-3814",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"name": "[oss-security] 20170313 Re: audiofile: heap-based buffer overflow in MSADPCM::decodeBlock (MSADPCM.cpp)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/4"
},
{
"name": "https://github.com/mpruett/audiofile/issues/36",
"refsource": "MISC",
"url": "https://github.com/mpruett/audiofile/issues/36"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6832",
"datePublished": "2017-03-20T16:00:00",
"dateReserved": "2017-03-12T00:00:00",
"dateUpdated": "2024-08-05T15:41:17.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6836 (GCVE-0-2017-6836)
Vulnerability from cvelistv5
Published
2017-03-20 16:00
Modified
2024-08-05 15:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 allows remote attackers to cause a denial of service (crash) via a crafted file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mpruett/audiofile/pull/42 | x_refsource_MISC | |
| https://github.com/mpruett/audiofile/issues/40 | x_refsource_MISC | |
| http://www.debian.org/security/2017/dsa-3814 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.openwall.com/lists/oss-security/2017/03/13/8 | mailing-list, x_refsource_MLIST | |
| https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:41:17.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mpruett/audiofile/pull/42"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mpruett/audiofile/issues/40"
},
{
"name": "DSA-3814",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"name": "[oss-security] 20170313 Re: audiofile: heap-based buffer overflow in Expand3To4Module::run (SimpleModule.h)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 allows remote attackers to cause a denial of service (crash) via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-29T23:01:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mpruett/audiofile/pull/42"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mpruett/audiofile/issues/40"
},
{
"name": "DSA-3814",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"name": "[oss-security] 20170313 Re: audiofile: heap-based buffer overflow in Expand3To4Module::run (SimpleModule.h)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 allows remote attackers to cause a denial of service (crash) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mpruett/audiofile/pull/42",
"refsource": "MISC",
"url": "https://github.com/mpruett/audiofile/pull/42"
},
{
"name": "https://github.com/mpruett/audiofile/issues/40",
"refsource": "MISC",
"url": "https://github.com/mpruett/audiofile/issues/40"
},
{
"name": "DSA-3814",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"name": "[oss-security] 20170313 Re: audiofile: heap-based buffer overflow in Expand3To4Module::run (SimpleModule.h)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/8"
},
{
"name": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6836",
"datePublished": "2017-03-20T16:00:00",
"dateReserved": "2017-03-12T00:00:00",
"dateUpdated": "2024-08-05T15:41:17.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6830 (GCVE-0-2017-6830)
Vulnerability from cvelistv5
Published
2017-03-20 16:00
Modified
2024-08-05 15:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mpruett/audiofile/pull/42 | x_refsource_MISC | |
| https://github.com/mpruett/audiofile/issues/34 | x_refsource_MISC | |
| https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp/ | x_refsource_MISC | |
| http://www.debian.org/security/2017/dsa-3814 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.openwall.com/lists/oss-security/2017/03/13/2 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:41:17.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mpruett/audiofile/pull/42"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mpruett/audiofile/issues/34"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp/"
},
{
"name": "DSA-3814",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"name": "[oss-security] 20170313 Re: audiofile: heap-based buffer overflow in alaw2linear_buf (G711.cpp)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mpruett/audiofile/pull/42"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mpruett/audiofile/issues/34"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp/"
},
{
"name": "DSA-3814",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"name": "[oss-security] 20170313 Re: audiofile: heap-based buffer overflow in alaw2linear_buf (G711.cpp)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mpruett/audiofile/pull/42",
"refsource": "MISC",
"url": "https://github.com/mpruett/audiofile/pull/42"
},
{
"name": "https://github.com/mpruett/audiofile/issues/34",
"refsource": "MISC",
"url": "https://github.com/mpruett/audiofile/issues/34"
},
{
"name": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp/"
},
{
"name": "DSA-3814",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"name": "[oss-security] 20170313 Re: audiofile: heap-based buffer overflow in alaw2linear_buf (G711.cpp)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6830",
"datePublished": "2017-03-20T16:00:00",
"dateReserved": "2017-03-12T00:00:00",
"dateUpdated": "2024-08-05T15:41:17.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17095 (GCVE-0-2018-17095)
Vulnerability from cvelistv5
Published
2018-09-16 21:00
Modified
2024-08-05 10:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mpruett/audiofile/issues/50 | x_refsource_MISC | |
| https://usn.ubuntu.com/3800-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://github.com/mpruett/audiofile/issues/51 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:39:59.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mpruett/audiofile/issues/50"
},
{
"name": "USN-3800-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3800-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mpruett/audiofile/issues/51"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-29T23:05:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mpruett/audiofile/issues/50"
},
{
"name": "USN-3800-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3800-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mpruett/audiofile/issues/51"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mpruett/audiofile/issues/50",
"refsource": "MISC",
"url": "https://github.com/mpruett/audiofile/issues/50"
},
{
"name": "USN-3800-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3800-1/"
},
{
"name": "https://github.com/mpruett/audiofile/issues/51",
"refsource": "MISC",
"url": "https://github.com/mpruett/audiofile/issues/51"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17095",
"datePublished": "2018-09-16T21:00:00",
"dateReserved": "2018-09-16T00:00:00",
"dateUpdated": "2024-08-05T10:39:59.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6827 (GCVE-0-2017-6827)
Vulnerability from cvelistv5
Published
2017-03-15 14:00
Modified
2024-08-05 15:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted audio file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3814 | vendor-advisory, x_refsource_DEBIAN | |
| https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcminitializecoefficients-msadpcm-cpp/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:41:17.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3814",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcminitializecoefficients-msadpcm-cpp/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted audio file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3814",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcminitializecoefficients-msadpcm-cpp/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted audio file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3814",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"name": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcminitializecoefficients-msadpcm-cpp/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcminitializecoefficients-msadpcm-cpp/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6827",
"datePublished": "2017-03-15T14:00:00",
"dateReserved": "2017-03-12T00:00:00",
"dateUpdated": "2024-08-05T15:41:17.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6831 (GCVE-0-2017-6831)
Vulnerability from cvelistv5
Published
2017-03-20 16:00
Modified
2024-08-05 15:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp/ | x_refsource_MISC | |
| https://github.com/mpruett/audiofile/issues/35 | x_refsource_MISC | |
| http://www.debian.org/security/2017/dsa-3814 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/97588 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2017/03/13/3 | mailing-list, x_refsource_MLIST | |
| https://github.com/antlarr/audiofile/commit/a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6 | x_refsource_MISC | |
| https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2017-6831 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:41:17.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mpruett/audiofile/issues/35"
},
{
"name": "DSA-3814",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"name": "97588",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97588"
},
{
"name": "[oss-security] 20170313 Re: audiofile: heap-based buffer overflow in IMA::decodeBlockWAVE (IMA.cpp)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/antlarr/audiofile/commit/a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2017-6831"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-05T16:14:55",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mpruett/audiofile/issues/35"
},
{
"name": "DSA-3814",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"name": "97588",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97588"
},
{
"name": "[oss-security] 20170313 Re: audiofile: heap-based buffer overflow in IMA::decodeBlockWAVE (IMA.cpp)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/antlarr/audiofile/commit/a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2017-6831"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp/"
},
{
"name": "https://github.com/mpruett/audiofile/issues/35",
"refsource": "MISC",
"url": "https://github.com/mpruett/audiofile/issues/35"
},
{
"name": "DSA-3814",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"name": "97588",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97588"
},
{
"name": "[oss-security] 20170313 Re: audiofile: heap-based buffer overflow in IMA::decodeBlockWAVE (IMA.cpp)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/3"
},
{
"name": "https://github.com/antlarr/audiofile/commit/a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6",
"refsource": "MISC",
"url": "https://github.com/antlarr/audiofile/commit/a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6"
},
{
"name": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2017-6831",
"refsource": "MISC",
"url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2017-6831"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6831",
"datePublished": "2017-03-20T16:00:00",
"dateReserved": "2017-03-12T00:00:00",
"dateUpdated": "2024-08-05T15:41:17.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6838 (GCVE-0-2017-6838)
Vulnerability from cvelistv5
Published
2017-03-20 16:00
Modified
2024-08-05 15:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3814 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.openwall.com/lists/oss-security/2017/03/13/9 | mailing-list, x_refsource_MLIST | |
| https://github.com/mpruett/audiofile/issues/41 | x_refsource_MISC | |
| https://github.com/antlarr/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c | x_refsource_MISC | |
| https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:41:17.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3814",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"name": "[oss-security] 20170313 Re: audiofile: multiple ubsan crashes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mpruett/audiofile/issues/41"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/antlarr/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3814",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"name": "[oss-security] 20170313 Re: audiofile: multiple ubsan crashes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mpruett/audiofile/issues/41"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/antlarr/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3814",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"name": "[oss-security] 20170313 Re: audiofile: multiple ubsan crashes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/9"
},
{
"name": "https://github.com/mpruett/audiofile/issues/41",
"refsource": "MISC",
"url": "https://github.com/mpruett/audiofile/issues/41"
},
{
"name": "https://github.com/antlarr/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c",
"refsource": "MISC",
"url": "https://github.com/antlarr/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c"
},
{
"name": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6838",
"datePublished": "2017-03-20T16:00:00",
"dateReserved": "2017-03-12T00:00:00",
"dateUpdated": "2024-08-05T15:41:17.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2023-08-22 19:15
Modified
2024-11-21 05:08
Severity ?
Summary
Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0.3.6 may cause denial-of-service via a crafted wav file, this bug can be triggered by the executable sfconvert.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/mpruett/audiofile/issues/56 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mpruett/audiofile/issues/56 | Exploit, Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E74B2-432B-4CCD-873F-AA7E012D8C7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0.3.6 may cause denial-of-service via a crafted wav file, this bug can be triggered by the executable sfconvert."
}
],
"id": "CVE-2020-18781",
"lastModified": "2024-11-21T05:08:49.470",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-22T19:15:56.027",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/56"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/56"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-20 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| audiofile | audiofile | 0.3.6 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E74B2-432B-4CCD-873F-AA7E012D8C7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en el decodeBlock en MSADPCM.cpp en Audio File Library (tambi\u00e9n conocido como audiofile) versiones 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un archivo manipulado"
}
],
"id": "CVE-2017-6832",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-20T16:59:02.733",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97589"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/36"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/pull/42"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97589"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/36"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/pull/42"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-20 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E74B2-432B-4CCD-873F-AA7E012D8C7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file."
},
{
"lang": "es",
"value": "Desbordamiento de entero en sfcommy s/sfconvert.c en Audio File Library (tambi\u00e9n conocido como audiofile) 0.3.6 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un archivo manipulado."
}
],
"id": "CVE-2017-6838",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-20T16:59:03.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/antlarr/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/41"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/antlarr/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/41"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-20 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E74B2-432B-4CCD-873F-AA7E012D8C7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file."
},
{
"lang": "es",
"value": "La funci\u00f3n reset1 en libaudiofile/modules/BlockCodec.cpp en Audio File Library (tambi\u00e9n conocido como audiofile) 0.3.6 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (error de divisi\u00f3n por cero y ca\u00edda) a trav\u00e9s de un archivo manipulado."
}
],
"id": "CVE-2017-6835",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-20T16:59:02.860",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/7"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/39"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/pull/42"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/39"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/pull/42"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-20 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E74B2-432B-4CCD-873F-AA7E012D8C7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients."
},
{
"lang": "es",
"value": "WAVE.cpp en Audio File Library (tambi\u00e9n conocido como audiofile) 0.3.6 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de vectores relacionados con un gran n\u00famero de coeficientes."
}
],
"id": "CVE-2017-6837",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-20T16:59:02.937",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/9"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/97314"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/41"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/97314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/41"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-20 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AF5A99FB-F881-4621-A9E2-3D261CC94F74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A874AFAB-9FE8-4436-B446-A106E336A4CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FE480807-B149-4227-BC43-25A140F6D71C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AB2006C1-2EB3-4F4E-8DB0-C99B72700A7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F2F08B96-44AC-4894-B304-642A49E6AAEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E21929-705E-4FCC-8E61-9A5972660568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "128EEF53-482C-4FC5-9C2E-2D70E9013C6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E74B2-432B-4CCD-873F-AA7E012D8C7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en la funci\u00f3n ulaw2len ear_buf en G711.cpp en Audio File Library (tambi\u00e9n conocido como audiofile) versiones 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un archivo manipulado"
}
],
"id": "CVE-2017-6834",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-20T16:59:02.813",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/6"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/38"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/pull/42"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/38"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/pull/42"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-20 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E74B2-432B-4CCD-873F-AA7E012D8C7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file."
},
{
"lang": "es",
"value": "La funci\u00f3n runPull en libaudiofile/modules/BlockCodec.cpp en Audio File Library (tambi\u00e9n conocido como audiofile) 0.3.6 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (error de divisi\u00f3n por cero y ca\u00edda) a trav\u00e9s de un archivo manipulado."
}
],
"id": "CVE-2017-6833",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-20T16:59:02.780",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/5"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/37"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/pull/42"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/37"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/pull/42"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-15 14:59
Modified
2025-04-20 01:37
Severity ?
Summary
Heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted audio file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E74B2-432B-4CCD-873F-AA7E012D8C7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted audio file."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en la funci\u00f3n MSADPCM::initializeCoefficients en MSADPCM.cpp en audiofile (tambi\u00e9n conocido como libaudiofile y Audio File Library) 0.3.6 permite a atacantes remotos tener impacto no especificado a trav\u00e9s de un archivo de audio manipulado."
}
],
"id": "CVE-2017-6827",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-15T14:59:01.183",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcminitializecoefficients-msadpcm-cpp/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcminitializecoefficients-msadpcm-cpp/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-20 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E74B2-432B-4CCD-873F-AA7E012D8C7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file."
},
{
"lang": "es",
"value": "Desbordamiento de entero en modules/MSADPCM.cpp en Audio File Library (tambi\u00e9n conocido como audiofile) 0.3.6 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un archivo manipulado."
}
],
"id": "CVE-2017-6839",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-20T16:59:03.030",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/41"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/41"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-20 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AF5A99FB-F881-4621-A9E2-3D261CC94F74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A874AFAB-9FE8-4436-B446-A106E336A4CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FE480807-B149-4227-BC43-25A140F6D71C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AB2006C1-2EB3-4F4E-8DB0-C99B72700A7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F2F08B96-44AC-4894-B304-642A49E6AAEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E21929-705E-4FCC-8E61-9A5972660568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "128EEF53-482C-4FC5-9C2E-2D70E9013C6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E74B2-432B-4CCD-873F-AA7E012D8C7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file."
},
{
"lang": "es",
"value": "El desbordamiento del b\u00fafer basado en Heap en la funci\u00f3n decodeBlockWAVE en IMA.cpp en Audio File Library (alias audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 y 0.2.7 permite a los atacantes remotos causar una denegaci\u00f3n de servicio (crash) a trav\u00e9s de un archivo elaborado"
}
],
"id": "CVE-2017-6831",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-20T16:59:02.703",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97588"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2017-6831"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/antlarr/audiofile/commit/a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/35"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97588"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2017-6831"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/antlarr/audiofile/commit/a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/35"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-20 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 allows remote attackers to cause a denial of service (crash) via a crafted file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| audiofile | audiofile | 0.3.6 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E74B2-432B-4CCD-873F-AA7E012D8C7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 allows remote attackers to cause a denial of service (crash) via a crafted file."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en la funci\u00f3n Expy 3To4Module::run en libaudiofile/modules/SimpleModule.h en Audio File Library (tambi\u00e9n conocido como audiofile) versiones 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un archivo manipulado"
}
],
"id": "CVE-2017-6836",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-20T16:59:02.890",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/8"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/40"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/pull/42"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/40"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/pull/42"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-20 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E74B2-432B-4CCD-873F-AA7E012D8C7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en la funci\u00f3n alaw2len ear_buf en G711.cpp en Audio File Library (tambi\u00e9n conocido como audiofile) 0.3.6 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un archivo manipulado."
}
],
"id": "CVE-2017-6830",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-20T16:59:02.657",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/34"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/pull/42"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/34"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/pull/42"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-16 21:29
Modified
2025-08-13 20:48
Severity ?
Summary
An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/mpruett/audiofile/issues/50 | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://github.com/mpruett/audiofile/issues/51 | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/3800-1/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mpruett/audiofile/issues/50 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mpruett/audiofile/issues/51 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3800-1/ | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A874AFAB-9FE8-4436-B446-A106E336A4CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FE480807-B149-4227-BC43-25A140F6D71C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AB2006C1-2EB3-4F4E-8DB0-C99B72700A7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F2F08B96-44AC-4894-B304-642A49E6AAEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E21929-705E-4FCC-8E61-9A5972660568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "128EEF53-482C-4FC5-9C2E-2D70E9013C6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E74B2-432B-4CCD-873F-AA7E012D8C7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en mpruett Audio File Library (tambi\u00e9n conocido como audiofile) versiones 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. Ha ocurrido un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en Expand3To4Module::run al ejecutar sfconvert"
}
],
"id": "CVE-2018-17095",
"lastModified": "2025-08-13T20:48:07.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-16T21:29:00.860",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/50"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/51"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://usn.ubuntu.com/3800-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/50"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/51"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://usn.ubuntu.com/3800-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-15 14:59
Modified
2025-04-20 01:37
Severity ?
Summary
Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted WAV file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E74B2-432B-4CCD-873F-AA7E012D8C7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted WAV file."
},
{
"lang": "es",
"value": "Desbordamiento del b\u00fafer basado en memoria din\u00e1mica en la funci\u00f3n readValue en FileHandle.cpp en audiofile (tambi\u00e9n conocido como libaudiofile y Audio File Library) 0.3.6 permite a atacantes remotos tener impacto no especificado a trav\u00e9s de un archivo WAV manipulado."
}
],
"id": "CVE-2017-6828",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-15T14:59:01.213",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/97183"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-readvalue-filehandle-cpp/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/97183"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-readvalue-filehandle-cpp/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-02 00:15
Modified
2025-08-13 20:48
Severity ?
Summary
In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/mpruett/audiofile/issues/54 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/11/msg00006.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mpruett/audiofile/issues/54 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/11/msg00006.html | Mailing List |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| audiofile | audiofile | 0.3.6 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E74B2-432B-4CCD-873F-AA7E012D8C7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file."
},
{
"lang": "es",
"value": "En Audio File Library (tambi\u00e9n se conoce como audiofile) versi\u00f3n 0.3.6, se presenta un error de desreferencia de puntero NULL en la funci\u00f3n ulaw2linear_buf en el archivo G711.cpp en la biblioteca libmodules.a que permite a un atacante causar una denegaci\u00f3n de servicio por medio de un archivo creado."
}
],
"id": "CVE-2019-13147",
"lastModified": "2025-08-13T20:48:07.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-02T00:15:10.397",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/54"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/54"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00006.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-07-08 16:29
Modified
2025-08-13 20:48
Severity ?
Summary
The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/mpruett/audiofile/issues/49 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/3800-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mpruett/audiofile/issues/49 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3800-1/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| audiofile | audiofile | 0.3.6 | |
| canonical | ubuntu_linux | 14.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E74B2-432B-4CCD-873F-AA7E012D8C7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert."
},
{
"lang": "es",
"value": "audiofile Audio File Library 0.3.6 tiene un error de desreferencia de puntero NULL en ModuleState::setup en modules/ModuleState.cpp, lo que permite que un atacante provoque una denegaci\u00f3n de servicio (DoS) mediante un archivo caf manipulado, tal y como queda demostrado con sfconvert."
}
],
"id": "CVE-2018-13440",
"lastModified": "2025-08-13T20:48:07.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-08T16:29:00.220",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/49"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3800-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/49"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3800-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-20 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E74B2-432B-4CCD-873F-AA7E012D8C7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file."
},
{
"lang": "es",
"value": "La funci\u00f3n decodeSample en IMA.cpp en Audio File Library (tambi\u00e9n conocido como audiofile) 0.3.6 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un archivo manipulado."
}
],
"id": "CVE-2017-6829",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-20T16:59:02.627",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/97189"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/antlarr/audiofile/commit/25eb00ce913452c2e614548d7df93070bf0d066f"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/97189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/antlarr/audiofile/commit/25eb00ce913452c2e614548d7df93070bf0d066f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/33"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-24 15:15
Modified
2025-08-21 19:04
Severity ?
Summary
In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| audiofile | audiofile | 0.3.6 | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 37 | |
| fedoraproject | fedora | 38 | |
| fedoraproject | fedora | 39 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E74B2-432B-4CCD-873F-AA7E012D8C7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn\u0027t use zero bytes to truncate the data."
},
{
"lang": "es",
"value": "En autofile Audio File Library versi\u00f3n 0.3.6, se presenta una vulnerabilidad de p\u00e9rdida de memoria en printfileinfo, en el archivo printinfo.c, que permite a un atacante filtrar informaci\u00f3n confidencial por medio de un archivo dise\u00f1ado. La funci\u00f3n printfileinfo llama a la funci\u00f3n copyrightstring para obtener datos, sin embargo, no usa bytes cero para truncar los datos"
}
],
"id": "CVE-2022-24599",
"lastModified": "2025-08-21T19:04:57.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-24T15:15:29.633",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/60"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4JXZ6QAMA3TSRY6GUZRY3WTHR7P5TPH/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTETOUJNRR75REYJZTBGF6TAJZYTMXUY/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZPG27YKICLIWUFOPVUOAFAZGOX4BNHY/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/mpruett/audiofile/issues/60"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4JXZ6QAMA3TSRY6GUZRY3WTHR7P5TPH/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTETOUJNRR75REYJZTBGF6TAJZYTMXUY/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZPG27YKICLIWUFOPVUOAFAZGOX4BNHY/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-19 21:15
Modified
2025-08-13 20:48
Severity ?
Summary
Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 15.04 | |
| canonical | ubuntu_linux | 15.10 | |
| fedoraproject | fedora | 23 | |
| audiofile | audiofile | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
"matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:audiofile:audiofile:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4DFCFA-C717-4D25-A15A-8066CD0D272F",
"versionEndExcluding": "0.3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c."
},
{
"lang": "es",
"value": "Un desbordamiento del b\u00fafer en la funci\u00f3n afReadFrames en audiofile (tambi\u00e9n se conoce como libaudiofile and Audio File Library), permite a atacantes remotos asistidos por el usuario causar una denegaci\u00f3n de servicio (bloqueo del programa) o posiblemente ejecutar c\u00f3digo arbitrario por medio de un archivo de audio dise\u00f1ado, como es demostrado por el archivo sixteen-stereo-to-eight-mono.c"
}
],
"id": "CVE-2015-7747",
"lastModified": "2025-08-13T20:48:07.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-19T21:15:11.200",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170387.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/06/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2787-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ccrisan/motioneyeos/blob/master/package/audiofile/0008-CVE-2015-7747.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2015/10/08/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170387.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/06/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2787-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ccrisan/motioneyeos/blob/master/package/audiofile/0008-CVE-2015-7747.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2015/10/08/1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}