Audacityteam Audacity vulnerabilities

CVE-2020-11867 [LOW] CWE-276 CVE-2020-11867: Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity c Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there.

CVE-2016-2541 [MEDIUM] CWE-119 CVE-2016-2541: Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and ap Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP2 file.

CVE-2016-2540 [MEDIUM] CWE-119 CVE-2016-2540: Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and ap Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted FORMATCHUNK structure.

CVE-2017-1000010 [HIGH] CWE-427 CVE-2017-1000010: Audacity 2.1.2 through 2.3.2 is vulnerable to Dll HIjacking in the avformat-55.dll resulting arbitra Audacity 2.1.2 through 2.3.2 is vulnerable to Dll HIjacking in the avformat-55.dll resulting arbitrary code execution.

CVE-2009-3560 [MEDIUM] CVE-2009-3560: The big2_toUtf8 function in lib/xmltok The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.

CVE-2009-3720 [MEDIUM] CVE-2009-3720: The updatePosition function in lib/xmltok_impl The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.

CVE-2009-0490 [CRITICAL] CWE-787 CVE-2009-0490: Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/str Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .gro file containing a long string.

CVE-2007-6061 [MEDIUM] CWE-59 CVE-2007-6061: Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous e Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack.