SUSE CVE-2017-18244

The stereoprocessing function in libavcodec/aacps.c in Libav 12.2 allows remote attackers to cause a denial of service out-of-bounds read via a crafted aac file, related to ffpsapply...

SUSE CVE-2017-18245

The mpc8probe function in libavformat/mpc8.c in Libav 12.2 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted audio file...

SUSE CVE-2018-11439

The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure heap-based buffer over-read via a crafted audio file...

SUSE CVE-2018-13440

The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert...

SUSE CVE-2018-14332

An issue was discovered in Clementine Music Player 1.3.1. Clementine.exe is vulnerable to a user mode write access violation due to a NULL pointer dereference in the Init call in the MoodbarPipeline::NewPadCallback function in moodbar/moodbarpipeline.cpp. The vulnerability is triggered when the...

SUSE CVE-2018-14395

libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service application crash caused by a divide-by-zero error with a user crafted audio file when converting to the MOV audio format...

SUSE CVE-2018-18827

There exists a heap-based buffer over-read in ffvc1preddc in vc1block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file...

SUSE CVE-2018-18829

There exists a NULL pointer dereference in ffvc1parseframeheaderadv in vc1.c in Libav 12.3, which allows attackers to cause a denial-of-service through a crafted aac file...

SUSE CVE-2018-19130

In Libav 12.3, there is an invalid memory access in vc1decodeframe in libavcodec/vc1dec.c that allows attackers to cause a denial-of-service via a crafted aac file. NOTE: This may be a duplicate of CVE-2017-17127...

SUSE CVE-2019-13147

In Audio File Library aka audiofile 0.3.6, there exists one NULL pointer dereference bug in ulaw2linearbuf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file...

SUSE CVE-2020-11867

Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there...

SUSE CVE-2020-23906

FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service DoS via a crafted audio file due to insufficient verification of data authenticity...

Medium: nginx

Issue Overview: NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to corrupt NGINX worker memor...

The vulnerability of the MoodbarPipeline::MoodbarPipeline() function in the Clementine Music Player audio player allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the implementation of the MoodbarPipeline::MoodbarPipeline function in the Clementine Music Player audio player is related to an error in pointer assignment during the loading of MP3 files. Exploiting this vulnerability may allow a attacker to cause service failures or execut...

Ubuntu: Security Advisory (USN-5749-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-5749-1: libsamplerate vulnerability

Erik de Castro Lopo and Agostino Sarubbo discovered that libsamplerate did not properly perform bounds checking. If a user were tricked into processing a specially crafted audio file, an attacker could possibly use this issue to cause a crash...

Debian DSA-5281-1 : nginx - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5281 advisory. It was discovered that parsing errors in the mp4 module of Nginx, a high-performance web and reverse proxy server, could result in denial of service, memory...

USN-5721-1: WavPack vulnerability

It was discovered that WavPack was not properly performing checks when dealing with memory. If a user were tricked into decompressing a specially crafted WavPack Audio File, an attacker could possibly use this issue to cause the WavPack decompressor to crash, resulting in a denial of service...

USN-5721-1 wavpack vulnerability

It was discovered that WavPack was not properly performing checks when dealing with memory. If a user were tricked into decompressing a specially crafted WavPack Audio File, an attacker could possibly use this issue to cause the WavPack decompressor to crash, resulting in a denial of service...

CVE-2022-41742

A vulnerability was found in NGINX’s module, ngxhttpmp4module. This flaw allows a local attacker to cause a worker process crash or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products built with ngxhttpmp4module...