Debian Audiofile vulnerabilities

CVE-2025-50950 [HIGH] CVE-2025-50950: audiofile - Audiofile v0.3.7 was discovered to contain a NULL pointer dereference via the Mo... Audiofile v0.3.7 was discovered to contain a NULL pointer dereference via the ModuleState::setup function. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2022-24599 [MEDIUM] CVE-2022-24599: audiofile - In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability... In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data. Scope: local bookworm: resolved (fixed in 0

CVE-2020-18781 [MEDIUM] CVE-2020-18781: audiofile - Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0... Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0.3.6 may cause denial-of-service via a crafted wav file, this bug can be triggered by the executable sfconvert. Scope: local bookworm: resolved (fixed in 0.3.6-4) bullseye: resolved (fixed in 0.3.6-4) forky: resolved (fixed in 0.3.6-4) sid: resolved (fixed in 0.3.6-4) trixie: resolve

CVE-2019-13147 [MEDIUM] CVE-2019-13147: audiofile - In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer deref... In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file. Scope: local bookworm: resolved (fixed in 0.3.6-5+deb12u1) bullseye: resolved (fixed in 0.3.6-5+deb11u1) forky: resolved (fixed in 0.3.6-6) sid: resolved

CVE-2018-13440 [MEDIUM] CVE-2018-13440: audiofile - The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in Mod... The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert. Scope: local bookworm: resolved (fixed in 0.3.6-5) bullseye: resolved (fixed in 0.3.6-5) forky: resolved (fixed in 0.3.6-5) sid: res

CVE-2018-17095 [HIGH] CVE-2018-17095: audiofile - An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6... An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert. Scope: local bookworm: resolved (fixed in 0.3.6-5) bullseye: resolved (fixed in 0.3.6-5) forky: resolved (fixed in 0.3.6-5) sid: resolved (fixed in 0.3

CVE-2017-6827 [HIGH] CVE-2017-6827: audiofile - Heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MS... Heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted audio file. Scope: local bookworm: resolved (fixed in 0.3.6-4) bullseye: resolved (fixed in 0.3.6-4) forky: resolved (fixed in 0.3.6-4) sid: resolved (f

CVE-2017-6828 [HIGH] CVE-2017-6828: audiofile - Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiof... Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted WAV file. Scope: local bookworm: resolved (fixed in 0.3.6-4) bullseye: resolved (fixed in 0.3.6-4) forky: resolved (fixed in 0.3.6-4) sid: resolved (fixed in 0.3.6-4) trix

CVE-2017-6830 [MEDIUM] CVE-2017-6830: audiofile - Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio ... Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. Scope: local bookworm: resolved (fixed in 0.3.6-4) bullseye: resolved (fixed in 0.3.6-4) forky: resolved (fixed in 0.3.6-4) sid: resolved (fixed in 0.3.6-4) trixie: resol

CVE-2017-6834 [MEDIUM] CVE-2017-6834: audiofile - Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio ... Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file. Scope: local bookworm: resolved (fixed in 0.3.6-4) bullseye: resolved (fixed in 0.3.6-4) forky: resolved (fixed in 0.3.6-

CVE-2017-6829 [MEDIUM] CVE-2017-6829: audiofile - The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6... The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. Scope: local bookworm: resolved (fixed in 0.3.6-4) bullseye: resolved (fixed in 0.3.6-4) forky: resolved (fixed in 0.3.6-4) sid: resolved (fixed in 0.3.6-4) trixie: resolved (fixed in 0.3.6-4)

CVE-2017-6833 [MEDIUM] CVE-2017-6833: audiofile - The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Librar... The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file. Scope: local bookworm: resolved (fixed in 0.3.6-4) bullseye: resolved (fixed in 0.3.6-4) forky: resolved (fixed in 0.3.6-4) sid: resolved (fixed in 0.3.6-4)

CVE-2017-6837 [MEDIUM] CVE-2017-6837: audiofile - WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to ... WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients. Scope: local bookworm: resolved (fixed in 0.3.6-4) bullseye: resolved (fixed in 0.3.6-4) forky: resolved (fixed in 0.3.6-4) sid: resolved (fixed in 0.3.6-4) trixie: resolved (fixed in 0.3.6-4)

CVE-2017-6836 [MEDIUM] CVE-2017-6836: audiofile - Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile... Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 allows remote attackers to cause a denial of service (crash) via a crafted file. Scope: local bookworm: resolved (fixed in 0.3.6-4) bullseye: resolved (fixed in 0.3.6-4) forky:

CVE-2017-6835 [MEDIUM] CVE-2017-6835: audiofile - The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library... The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file. Scope: local bookworm: resolved (fixed in 0.3.6-4) bullseye: resolved (fixed in 0.3.6-4) forky: resolved (fixed in 0.3.6-4) sid: resolved (fixed in 0.3.6-4)

CVE-2017-6832 [MEDIUM] CVE-2017-6832: audiofile - Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Libra... Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file. Scope: local bookworm: resolved (fixed in 0.3.6-4) bullseye: resolved (fixed in 0.3.6-4) forky: resolved (fixed in 0.3.6-4) sid: re

CVE-2017-6838 [MEDIUM] CVE-2017-6838: audiofile - Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile)... Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. Scope: local bookworm: resolved (fixed in 0.3.6-4) bullseye: resolved (fixed in 0.3.6-4) forky: resolved (fixed in 0.3.6-4) sid: resolved (fixed in 0.3.6-4) trixie: resolved (fixed in 0.3.6-4)

CVE-2017-6839 [MEDIUM] CVE-2017-6839: audiofile - Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.... Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. Scope: local bookworm: resolved (fixed in 0.3.6-4) bullseye: resolved (fixed in 0.3.6-4) forky: resolved (fixed in 0.3.6-4) sid: resolved (fixed in 0.3.6-4) trixie: resolved (fixed in 0.3.6-4)

CVE-2017-6831 [MEDIUM] CVE-2017-6831: audiofile - Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio F... Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file. Scope: local bookworm: resolved (fixed in 0.3.6-4) bullseye: resolved (fixed in 0.3.6-4) forky: resolved (fixed in 0.3.

CVE-2015-7747 [HIGH] CVE-2015-7747: audiofile - Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and ... Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c. Scope: local bookworm: resolved (fixed in 0.3.6-3) bullseye: resolved (fi