CVE-2018-13440

2018-07-0816:29:00

Google

osv.dev

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.3%

JSON

The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert.

CPENameOperatorVersion
audiofileeqaudiofile-0.2.2
audiofileeqaudiofile-0.3.4
audiofileeqaudiofile-0.2.1
audiofileeqaudiofile-0.2.4
audiofileeqaudiofile-0.3.1
audiofileeqaudiofile-0.2.5
audiofileeqaudiofile-0.2.6
audiofileeqaudiofile-0.3.0
audiofileeqaudiofile-0.3.3
audiofileeqaudiofile-0.3.6

Name	Operator	Version
audiofile	eq	audiofile-0.2.2
audiofile	eq	audiofile-0.3.4
audiofile	eq	audiofile-0.2.1
audiofile	eq	audiofile-0.2.4
audiofile	eq	audiofile-0.3.1
audiofile	eq	audiofile-0.2.5
audiofile	eq	audiofile-0.2.6
audiofile	eq	audiofile-0.3.0
audiofile	eq	audiofile-0.3.3
audiofile	eq	audiofile-0.3.6