libaudiofile.so is vulnerable to denial of service (DoS). The vulnerability can be triggered by causing a heap-based buffer overflow in the Expand3To4Module::run
function of SimpleModule.h
by sending a malicious audio file.
CPE | Name | Operator | Version |
---|---|---|---|
libaudiofile.so | eq | 1.0.0 |
www.debian.org/security/2017/dsa-3814
www.openwall.com/lists/oss-security/2017/03/13/8
blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp/
blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h/
github.com/mpruett/audiofile/blob/master/libaudiofile/modules/SimpleModule.h#L238
github.com/mpruett/audiofile/issues/40
github.com/mpruett/audiofile/pull/42