Advisories » MGASA-2023-0336

Updated audiofile packages fix a security vulnerability

Publication date: 04 Dec 2023
Modification date: 12 Dec 2023
Type: security
Affected Mageia releases : 9
CVE: CVE-2022-24599

Description

The updated packages fix a security vulnerability

In autofile Audio File Library 0.3.6, there exists one memory leak
vulnerability in printfileinfo, in printinfo.c, which allows an attacker
to leak sensitive information via a crafted file. The printfileinfo
function calls the copyrightstring function to get data, however, it
dosn't use zero bytes to truncate the data. (CVE-2022-24599)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=32561
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTETOUJNRR75REYJZTBGF6TAJZYTMXUY/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24599

SRPMS

9/core

• audiofile-0.3.6-12.1.mga9