CVE-2018-13440: NULL Pointer Dereference in Audiofile

Severity: 6.5 MEDIUM (NVD)
EPSS: 6.0% (top 9.27%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 8; latest update Dec 14

Description

The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (4 packages)

debian: debian/audiofile < audiofile 0.3.6-5 (bookworm)
Debian: audiofile/audiofile < 0.3.6-5+3
Ubuntu: audiofile/audiofile < 0.3.6-2ubuntu0.14.04.3+5

Also affects: Ubuntu Linux 14.04

🔴 Vulnerability Details (4)

OSV: audiofile vulnerabilities (2023-12-14)
GHSA: GHSA-x9mq-8vwj-w2rx: The audiofile Audio File Library 0 (2022-05-13)
OSV: audiofile vulnerabilities (2018-10-24)
OSV: CVE-2018-13440: The audiofile Audio File Library 0 (2018-07-08)

📋 Vendor Advisories (4)

Ubuntu: audiofile vulnerabilities (2023-12-14)
Ubuntu: audiofile vulnerabilities (2018-10-24)
Red Hat: audiofile: NULL pointer dereference in ModuleState::setup() in modules/ModuleState.cpp allows for denial of service via crafted file (2018-07-07)
Debian: CVE-2018-13440: audiofile - The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in Mod... (2018)

💬 Community (2)

Bugzilla: CVE-2018-13440 audiofile: NULL pointer dereference in ModuleState::setup() in modules/ModuleState.cpp allows for denial of service via crafted file (2018-07-12)
Bugzilla: CVE-2018-13440 audiofile: NULL pointer dereference in modules/ModuleState.cpp:ModuleState::setup() allows for denial of service via crafted file [fedora-all] (2018-07-12)