EUVD-2018-11532

Malware in sbrugna...

SUSE CVE-2018-19857

The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk cast converts a return value to an unsigned int even if that value is negative. This could result in a denial...

PT-2022-26588 · Apple · Ipados +5

Name of the Vulnerable Software and Affected Versions: Apple tvOS versions prior to 16.1 Apple iOS versions prior to 15.7.1 and prior to 16.1 Apple iPadOS versions prior to 15.7.1 and prior to 16 Apple macOS versions prior to 13, prior to 12.6.1, and prior to 11.7.1 Apple watchOS versions prior t...

audiofile: NULL pointer dereference in ModuleState::setup() in modules/ModuleState.cpp allows for denial of service via crafted file

The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert...

UBUNTU-CVE-2019-14498

A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file...

MGASA-2019-0045 Updated wavpack packages fix security vulnerabilities

Joonun Jang discovered that WavPack incorrectly handled certain RF64 files. An attacker could possibly use this to cause a denial of service CVE-2018-6767. It was discovered that WavPack incorrectly handled certain DSDIFF files. An attacker could possibly use this to execute arbitrary code or cau...

CVE-2018-19857

The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk cast converts a return value to an unsigned int even if that value is negative. This could result in a denial...

AZL-44397 CVE-2018-13440 affecting package audiofile 0.3.6-27

The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert...

PT-2018-11825 · Audiofile +6 · Audio File Library +6

Name of the Vulnerable Software and Affected Versions: The audiofile Audio File Library version 0.3.6 Description: The issue is related to a NULL pointer dereference bug in the ModuleState::setup function, located in modules/ModuleState.cpp. This bug can be exploited by an attacker to cause a...

Ubuntu 17.10 : wavpack vulnerabilities (USN-3578-1)

It was discovered that WavPack incorrectly handled certain DSDIFF files. An attacker could possibly use this to execute arbitrary code or cause a denial of service. CVE-2018-7253 It was discovered that WavPack incorrectly handled certain CAF files. An attacker could possibly use this to cause a...

SuSE 11 Security Update : libsndfile (SAT Patch Number 637)

Specially crafted CAF files could cause an integer overflow in libsndfile. CVE-2009-0186 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is copyright C Novell, Inc...

openSUSE Security Update : libsndfile (libsndfile-577)

Specially crafted CAF files could cause an integer overflow in libsndfile CVE-2009-0186. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update libsndfile-577. The text description of this plugin is ...

Mandriva Linux Security Advisory : libsndfile (MDVSA-2009:067)

Crafted data - channels per frame value - in CAF files enables remote attackers to execute arbitrary code or denial of service via a possible integer overflow, leading to a possible heap overflow CVE-2009-0186. This update provides fix for that vulnerability. %NASLMINLEVEL 70300 C Tenable Network...

openSUSE 10 Security Update : libsndfile (libsndfile-6044)

Specially crafted CAF files could cause an integer overflow in libsndfile CVE-2009-0186. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update libsndfile-6044. The text description of this plugin is...

Mandrake Security Advisory MDVSA-2009:067 (libsndfile)

The remote host is missing an update to libsndfile announced via advisory MDVSA-2009:067. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

CVE-2009-0186

Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow...