UbuntuUSN-912-1Audio File Library vulnerability
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.3 High
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
78.3%
Releases
- Ubuntu 9.10
- Ubuntu 9.04
- Ubuntu 8.10
- Ubuntu 8.04
- Ubuntu 6.06
Packages
- audiofile -
Details
It was discovered that Audio File Library contained a heap-based buffer
overflow. If a user or automated system processed a crafted WAV file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. The default compiler options for Ubuntu should reduce this
vulnerability to a denial of service.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 9.10 | noarch | libaudiofile0 | < 0.2.6-7ubuntu2.1 | UNKNOWN |
| Ubuntu | 9.10 | noarch | libaudiofile-dev | < 0.2.6-7ubuntu2.1 | UNKNOWN |
| Ubuntu | 9.10 | noarch | libaudiofile0-dbg | < 0.2.6-7ubuntu2.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libaudiofile0 | < 0.2.6-7ubuntu1.9.04.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libaudiofile-dev | < 0.2.6-7ubuntu1.9.04.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libaudiofile0-dbg | < 0.2.6-7ubuntu1.9.04.1 | UNKNOWN |
| Ubuntu | 8.10 | noarch | libaudiofile0 | < 0.2.6-7ubuntu1.8.10.1 | UNKNOWN |
| Ubuntu | 8.10 | noarch | libaudiofile-dev | < 0.2.6-7ubuntu1.8.10.1 | UNKNOWN |
| Ubuntu | 8.10 | noarch | libaudiofile0-dbg | < 0.2.6-7ubuntu1.8.10.1 | UNKNOWN |
| Ubuntu | 8.04 | noarch | libaudiofile0 | < 0.2.6-7ubuntu1.8.04.1 | UNKNOWN |
References
Related
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.3 High
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
78.3%