Lucene search

PRIOn knowledge basePRION:CVE-2022-24599

HistoryFeb 24, 2022 - 3:15 p.m.

Memory corruption

2022-02-2415:15:00

PRIOn knowledge base

www.prio-n.com

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.2%

JSON

In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn’t use zero bytes to truncate the data.

CPENameOperatorVersion
audio_file_libraryeq0.3.6
debian_linuxeq10.0
fedoraeq37
fedoraeq38
fedoraeq39

Name	Operator	Version
audio_file_library	eq	0.3.6
debian_linux	eq	10.0
fedora	eq	37
fedora	eq	38
fedora	eq	39

References

github.com/mpruett/audiofile/issues/60

lists.debian.org/debian-lts-announce/2023/11/msg00006.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4JXZ6QAMA3TSRY6GUZRY3WTHR7P5TPH/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTETOUJNRR75REYJZTBGF6TAJZYTMXUY/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZPG27YKICLIWUFOPVUOAFAZGOX4BNHY/