Audacity
by Audacityteam
Source repositories
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1000010 | Hig | 0.51 | 7.8 | 0.02 | Jul 17, 2017 | Audacity 2.1.2 through 2.3.2 is vulnerable to Dll HIjacking in the avformat-55.dll resulting arbitrary code execution. | ||
| CVE-2016-2541 | Med | 0.29 | 5.5 | 0.01 | Feb 7, 2018 | Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP2 file. | ||
| CVE-2016-2540 | Med | 0.29 | 5.5 | 0.02 | Feb 7, 2018 | Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted FORMATCHUNK structure. | ||
| CVE-2009-0490 | 0.04 | — | 0.17 | Feb 10, 2009 | Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .gro file… | |||
| CVE-2020-11867 | 0.00 | — | 0.00 | Nov 30, 2020 | Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there. | |||
| CVE-2007-6061 | 0.00 | — | 0.03 | Nov 20, 2007 | Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be… |
- risk 0.51cvss 7.8epss 0.02
Audacity 2.1.2 through 2.3.2 is vulnerable to Dll HIjacking in the avformat-55.dll resulting arbitrary code execution.
- risk 0.29cvss 5.5epss 0.01
Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP2 file.
- risk 0.29cvss 5.5epss 0.02
Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted FORMATCHUNK structure.
- CVE-2009-0490Feb 10, 2009risk 0.04cvss —epss 0.17
Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .gro file…
- CVE-2020-11867Nov 30, 2020risk 0.00cvss —epss 0.00
Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there.
- CVE-2007-6061Nov 20, 2007risk 0.00cvss —epss 0.03
Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be…