CVE-2018-14522 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Aubio

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents6 sources

Severity

8.8HIGHNVD

EPSS

0.4%

top 37.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Aubio Opensuse Leap Suse Linux Enterprise

Timeline

PublishedJul 23

Latest updateMay 14

Description

An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶PyPIaubio/aubio< 0.4.7

▶Debianaubio/aubio< 0.4.6-1+3

▶NVDaubio/aubio0.4.6

▶NVDopensuse/leap15.0, 42.3+1

Also affects: Linux Enterprise 15.0

🔴Vulnerability Details

OSV

Aubio is vulnerable to denial of service via aubio_pitch_set_unit function↗2022-05-14

▶

GHSA

Aubio is vulnerable to denial of service via aubio_pitch_set_unit function↗2022-05-14

▶

OSV

CVE-2018-14522: An issue was discovered in aubio 0↗2018-07-23

▶

CVEList

CVE-2018-14522: An issue was discovered in aubio 0↗2018-07-23

▶

📋Vendor Advisories

Debian

CVE-2018-14522: aubio - An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_s...↗2018

▶

💬Community

Bugzilla

CVE-2018-14522 CVE-2018-14523 aubio: various flaws [fedora-all]↗2018-08-01

▶

Bugzilla

CVE-2018-14522 aubio: SEGV signal in pitch/pitch.c:aubio_pitch_set_unit()↗2018-08-01

▶