Advisories » MGASA-2018-0441

Updated audiofile packages fix security vulnerabilities

Publication date: 11 Nov 2018
Modification date: 11 Nov 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-13440 , CVE-2018-17095

Description

A NULL pointer dereference in modules/ModuleState.cpp:ModuleState::setup()
allows for denial of service via crafted file (CVE-2018-13440).

A Heap-based buffer overflow was found in Expand3To4Module::run when
running sfconvert (CVE-2018-17095).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23754
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IILVUXOJMQBFB3GUWXZZXN4PLR3PV4IO/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13440
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17095

SRPMS

6/core

• audiofile-0.3.6-8.1.mga6