rpm package
suse/audiofile&distro=SUSE Linux Enterprise Software Development Kit 12 SP4
pkg:rpm/suse/audiofile&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-17095 | Hig | 8.8 | < 0.3.6-11.3.1 | 0.3.6-11.3.1 | Sep 16, 2018 | An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert. | |
| CVE-2018-13440 | Med | 6.5 | < 0.3.6-11.7.8 | 0.3.6-11.7.8 | Jul 8, 2018 | The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert. |
- affected < 0.3.6-11.3.1fixed 0.3.6-11.3.1
An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert.
- affected < 0.3.6-11.7.8fixed 0.3.6-11.7.8
The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert.