Bug#903499: audiofile: CVE-2018-13440
Salvatore Bonaccorso
carnil at debian.org
Tue Jul 10 20:10:35 BST 2018
Source: audiofile
Version: 0.3.6-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/mpruett/audiofile/issues/49
Hi,
The following vulnerability was published for audiofile. Filling this
bug to track the upstream issue at [1].
CVE-2018-13440[0]:
| The audiofile Audio File Library 0.3.6 has a NULL pointer dereference
| bug in ModuleState::setup in modules/ModuleState.cpp, which allows an
| attacker to cause a denial of service via a crafted caf file, as
| demonstrated by sfconvert.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-13440
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13440
[1] https://github.com/mpruett/audiofile/issues/49
Regards,
Salvatore
More information about the pkg-multimedia-maintainers
mailing list