Astra Linux - уязвимость в audacity

Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there...

The Year in Review 2025: AI, APIs, and a Whole Lot of Audacity

...

EUVD-2007-6031

Malware in sbrugna...

EUVD-2017-1345

Malware in sbrugna...

EUVD-2016-3617

Malware in sbrugna...

EUVD-2016-3616

Malware in sbrugna...

EUVD-2020-4207

Malware in sbrugna...

Ubuntu: Security Advisory (USN-7211-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Audacity vulnerability (USN-7211-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7211-1 advisory. Mike Salvatore discovered that Audacity incorrectly handled default permissions of temporary files created by the application. An attacker...

USN-7211-1: Audacity vulnerability

Mike Salvatore discovered that Audacity incorrectly handled default permissions of temporary files created by the application. An attacker could possibly use this issue to obtain sensitive information...

USN-7211-1 audacity vulnerability

Mike Salvatore discovered that Audacity incorrectly handled default permissions of temporary files created by the application. An attacker could possibly use this issue to obtain sensitive information...

audacity-3.7.0-1.1 on GA media (moderate)

audacity-3.7.0-1.1 on GA media Announcement ID: openSUSE-SU-2024:14457-1 Rating: moderate Cross-References: CVE-2024-50602 CVSS scores: CVE-2024-50602 SUSE : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2024-50602 SUSE : 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N...

OPENSUSE-SU-2024:14457-1 audacity-3.7.0-1.1 on GA media

These are all security issues fixed in the audacity-3.7.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2024-45490

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XMLParseBuffer...

OPENSUSE-SU-2024:10639-1 audacity-3.0.4-1.2 on GA media

These are all security issues fixed in the audacity-3.0.4-1.2 package on the GA media of openSUSE Tumbleweed...

CVE-2023-52426

libexpat through 2.5.0 allows recursive XML Entity Expansion if XMLDTD is undefined at compile time...

CVE-2023-52425

libexpat through 2.5.0 allows a denial of service resource consumption because many full reparsings are required in the case of a large token for which multiple buffer fills are needed...

SUSE CVE-2007-6061

Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service recording deadlock by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete...

SUSE CVE-2009-0490

Stack-based buffer overflow in the Stringparse::getnonspacequoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a .gro file containing a long string...

SUSE CVE-2016-2540

Audacity before 2.1.2 allows remote attackers to cause a denial of service memory corruption and application crash via a crafted FORMATCHUNK structure...