Updated audiofile packages fix security vulnerabilities
Publication date: 11 Nov 2018Modification date: 11 Nov 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-13440 , CVE-2018-17095
Description
A NULL pointer dereference in modules/ModuleState.cpp:ModuleState::setup() allows for denial of service via crafted file (CVE-2018-13440). A Heap-based buffer overflow was found in Expand3To4Module::run when running sfconvert (CVE-2018-17095).
References
SRPMS
6/core
- audiofile-0.3.6-8.1.mga6