Lucene search

Veracode Vulnerability DatabaseVERACODE:7136

HistoryJul 24, 2018 - 5:47 a.m.

Denial Of Service (DoS)

2018-07-2405:47:26

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.007 Low

EPSS

Percentile

80.6%

JSON

libaudiofile.so is vulnerable to denial of service (DoS). The vulnerability can be triggered by causing a heap-based buffer overflow in the Expand3To4Module::run function of SimpleModule.h by sending a malicious audio file.

CPENameOperatorVersion
libaudiofile.soeq1.0.0

CPE	Name	Operator	Version
	libaudiofile.so	eq	1.0.0

References

www.debian.org/security/2017/dsa-3814

www.openwall.com/lists/oss-security/2017/03/13/8

blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp/

blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h/

github.com/mpruett/audiofile/blob/master/libaudiofile/modules/SimpleModule.h#L238

github.com/mpruett/audiofile/issues/40

github.com/mpruett/audiofile/pull/42

0.007 Low

EPSS

Percentile

80.6%

JSON

Related for VERACODE:7136