Vulnerability CVE-2018-13440: Information

Description

The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-13440
Published: July 8, 2018
Modified: April 13, 2020
Error type identifier: CWE-476

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
audiofilesisyphus0.3.6-alt40.3.6-alt5ALT-PU-2021-2193-1278167Fixed
audiofilep100.3.6-alt40.3.6-alt4ALT-PU-2021-2193-1278167Fixed
audiofilec10f10.3.6-alt40.3.6-alt4ALT-PU-2021-2193-1278167Fixed
audiofilec9f20.3.6-alt3.c9f2.10.3.6-alt3.c9f2.1ALT-PU-2022-3089-1309843Fixed
audiofilep110.3.6-alt40.3.6-alt5ALT-PU-2021-2193-1278167Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/mpruett/audiofile/issues/49
  • Exploit
  • Third Party Advisory
USN-3800-1
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:audio_file_library_project:audio_file_library:0.3.6:*:*:*:*:*:*:*

      Configuration 2

      cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top