CVE-2018-17095: Out-of-bounds Write in Audiofile

Severity
NVD: 8.8 HIGH
OSV: 6.5
EPSS: 12.0% (top 6.20%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Sep 16
Latest update: Dec 14

Description

An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (4 packages)

debian: debian/audiofile < audiofile 0.3.6-5 (bookworm)
Debian: audiofile/audiofile < 0.3.6-5 (+3 more)
Ubuntu: audiofile/audiofile < 0.3.6-2ubuntu0.14.04.3 (+5 more)
NVD: audiofile/audiofile, 7 versions (+6 more)

Also affects: Ubuntu Linux 14.04

Patches

🔴 Vulnerability Details (4)

OSV: audiofile vulnerabilities (2023-12-14)
GHSA: GHSA-p9gw-6qmw-52wh: An issue has been discovered in mpruett Audio File Library (aka audiofile) 0 (2022-05-13)
OSV: audiofile vulnerabilities (2018-10-24)
OSV: CVE-2018-17095: An issue has been discovered in mpruett Audio File Library (aka audiofile) 0 (2018-09-16)

📋 Vendor Advisories (4)

Ubuntu: audiofile vulnerabilities (2023-12-14)
Ubuntu: audiofile vulnerabilities (2018-10-24)
Red Hat: audiofile: Heap-based buffer overflow in Expand3To4Module::run() when running sfconvert (2018-09-16)
Debian: CVE-2018-17095: audiofile - An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6... (2018)

💬 Community (2)

Bugzilla: CVE-2018-17095 audiofile: Heap-based buffer overflow in Expand3To4Module::run() when running sfconvert (2018-09-19)
Bugzilla: CVE-2018-17095 audiofile: Heap-based buffer overflow in Expand3To4Module::run when running sfconvert [fedora-all] (2018-09-19)