Synopsis: Moderate: audiofile security update
Advisory ID: SLSA-2020:3877-1
Issue Date: 2020-10-01
CVE Numbers: CVE-2018-13440
CVE-2018-17095
—
Security Fix(es):
* audiofile: Heap-based buffer overflow in Expand3To4Module::run() when
running sfconvert (CVE-2018-17095)
* audiofile: NULL pointer dereference in ModuleState::setup() in
modules/ModuleState.cpp allows for denial of service via crafted file
(CVE-2018-13440)
—
SL7
x86_64
audiofile-0.3.6-9.el7.i686.rpm
audiofile-0.3.6-9.el7.x86_64.rpm
audiofile-debuginfo-0.3.6-9.el7.i686.rpm
audiofile-debuginfo-0.3.6-9.el7.x86_64.rpm
audiofile-devel-0.3.6-9.el7.i686.rpm
audiofile-devel-0.3.6-9.el7.x86_64.rpm
– Scientific Linux Development Team
