CVE-2017-18245

The mpc8probe function in libavformat/mpc8.c in Libav 12.2 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted audio file...

CVE-2017-18245

The mpc8probe function in libavformat/mpc8.c in Libav 12.2 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted audio file...

[ASA-201803-21] lib32-libvorbis: multiple issues

Arch Linux Security Advisory ASA-201803-21 ========================================== Severity: Critical Date : 2018-03-19 CVE-ID : CVE-2017-14632 CVE-2017-14633 CVE-2018-5146 Package : lib32-libvorbis Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-658 Summary =====...

[ASA-201803-13] firefox: arbitrary code execution

Arch Linux Security Advisory ASA-201803-13 ========================================== Severity: Critical Date : 2018-03-18 CVE-ID : CVE-2018-5146 Package : firefox Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-657 Summary ======= The package firefox before...

libvorbis -- multiple vulnerabilities

NVD reports: Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbisanalysisheaderout in info.c when vi-channels=0, a similar issue to Mozilla bug 550184. In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the...

FreeBSD : libsndfile -- multiple vulnerabilities (2b386075-1d9c-11e8-b6aa-4ccc6adda413)

Agostino Sarubbo, Gentoo reports : CVE-2017-8361 Medium: The flacbuffercopy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a crafted audio file. CVE-2017-8362 Medium:...

Design/Logic Flaw

DISPUTED The Waveread.readfmtchunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service divide-by-zero and exception via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python...

CVE-2017-18207

The Waveread.readfmtchunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service divide-by-zero and exception via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications...

CVE-2017-18207

CVE-2017-18207 affects Python’s CPython before or up to 3.6.4, where the Wave_read._read_fmt_chunk implementation may not ensure a nonzero channel value, enabling a denial of service through a crafted WAV file (divide-by-zero/exception). The root cause is in Lib/wave.py; exploitation details are ...

UBUNTU-CVE-2016-2541

Audacity before 2.1.2 allows remote attackers to cause a denial of service memory corruption and application crash via a crafted MP2 file...

Updated sox packages fix security vulnerability

There is a heap-based buffer overflow in the ImaExpandS function of imarw.c in Sound eXchange SoX 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file CVE-2017-15370. There is a reachable assertion abort in the function soxappendcomment in formats.c i...

Audio memory corruption vulnerability in multiple Apple products

Apple iOS, macOS High Sierra, tvOS, and watchOS are products of Apple Inc. Apple iOS is an operating system for mobile devices; macOS High Sierra is a specialized operating system for Mac computers; tvOS is a smart TV operating system; and watchOS is a smart watch operating system. audio is an...

Updated libvorbis packages fix security vulnerabilities

Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbisanalysisheaderout in info.c when vi-channels=0, a similar issue to Mozilla bug 550184 CVE-2017-14632. In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the...

Updated libvorbis packages fix security vulnerabilities

Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbisanalysisheaderout in info.c when vi-channels=0, a similar issue to Mozilla bug 550184. CVE-2017-14632 In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the...

CVE-2017-17555

The swriaudioconvert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted audio file...

UBUNTU-CVE-2017-17554

A NULL pointer dereference DoS Vulnerability was found in the function aubiosourceavcodecreadframe in io/sourceavcodec.c of aubio 0.4.6, which may lead to DoS when playing a crafted audio file...

CVE-2017-17554

A NULL pointer dereference DoS Vulnerability was found in the function aubiosourceavcodecreadframe in io/sourceavcodec.c of aubio 0.4.6, which may lead to DoS when playing a crafted audio file...

UBUNTU-CVE-2017-17555

The swriaudioconvert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted audio file...

PYSEC-2017-77

The swriaudioconvert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted audio file...

Null pointer dereference

A NULL pointer dereference DoS Vulnerability was found in the function aubiosourceavcodecreadframe in io/sourceavcodec.c of aubio 0.4.6, which may lead to DoS when playing a crafted audio file...