Lucene search

UbuntuUSN-5749-1

HistoryNov 29, 2022 - 12:00 a.m.

libsamplerate vulnerability

2022-11-2900:00:00

ubuntu.com

libsamplerate

ubuntu 16.04 esm

audio file

bounds checking

vulnerability

crash

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.1%

JSON

Releases

Ubuntu 16.04 ESM

Packages

libsamplerate - Audio sample rate conversion library

Details

Erik de Castro Lopo and Agostino Sarubbo discovered that libsamplerate
did not properly perform bounds checking. If a user were tricked into
processing a specially crafted audio file, an attacker could possibly
use this issue to cause a crash.

OSVersionArchitecturePackageVersionFilename
Ubuntu16.04noarchlibsamplerate0< 0.1.8-8ubuntu0.1~esm1UNKNOWN
Ubuntu16.04noarchlibsamplerate0< 0.1.8-8UNKNOWN
Ubuntu16.04noarchlibsamplerate0-dbgsym< 0.1.8-8UNKNOWN
Ubuntu16.04noarchlibsamplerate0-dev< 0.1.8-8UNKNOWN
Ubuntu16.04noarchsamplerate-programs< 0.1.8-8UNKNOWN
Ubuntu16.04noarchsamplerate-programs-dbgsym< 0.1.8-8UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	16.04	noarch	libsamplerate0	< 0.1.8-8ubuntu0.1~esm1	UNKNOWN
Ubuntu	16.04	noarch	libsamplerate0	< 0.1.8-8	UNKNOWN
Ubuntu	16.04	noarch	libsamplerate0-dbgsym	< 0.1.8-8	UNKNOWN
Ubuntu	16.04	noarch	libsamplerate0-dev	< 0.1.8-8	UNKNOWN
Ubuntu	16.04	noarch	samplerate-programs	< 0.1.8-8	UNKNOWN
Ubuntu	16.04	noarch	samplerate-programs-dbgsym	< 0.1.8-8	UNKNOWN