Advisories » MGASA-2023-0347

Updated audiofile packages fix a security vulnerability

Publication date: 15 Dec 2023
Modification date: 15 Dec 2023
Type: security
Affected Mageia releases : 9
CVE: CVE-2019-13147

Description

2 patches are added to audiofile source to correct a vulnerability.
In Audio File Library (aka audiofile) 0.3.6, there exists one NULL
pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a
that allows an attacker to cause a denial of service via a crafted file.
(CVE-2019-13147)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=32608
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13147

SRPMS

9/core

• audiofile-0.3.6-14.mga9