Lucene search

K
mageiaGentoo FoundationMGASA-2019-0016
HistoryJan 06, 2019 - 7:41 p.m.

Updated aubio packages fix security vulnerabilities

2019-01-0619:41:22
Gentoo Foundation
advisories.mageia.org
9

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

71.5%

NULL pointer dereference in the function aubio_source_avcodec_readframe which may lead to DoS when playing a crafted audio file (CVE-2017-17554). A crash in aubio_pitch_set_unit (CVE-2018-14522). A buffer overrread resulting in crash or information leakage in new_aubio_pitchyinfft (CVE-2018-14523).

OSVersionArchitecturePackageVersionFilename
Mageia6noarchaubio< 0.4.2-2.2aubio-0.4.2-2.2.mga6

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

71.5%