Описание
Audiofile v0.3.7 was discovered to contain a NULL pointer dereference via the ModuleState::setup function.
A flaw was found in the Audiofile library. Processing a specially crafted input file can trigger a NULL pointer dereference, causing a crash to the application linked to the library and resulting in a denial of service.
Отчет
To exploit this issue, an attacker needs to be able to process a specially crafted input file with the application linked to the Audiofile library. Additionally, the only security impact of this vulnerability is a denial of service. Due to these reasons, this flaw has been rated with a moderate severity.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | audiofile | Out of support scope | ||
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | audiofile | Fixed | RHSA-2025:23457 | 18.12.2025 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
Audiofile v0.3.7 was discovered to contain a NULL pointer dereference via the ModuleState::setup function.
Audiofile v0.3.7 was discovered to contain a NULL pointer dereference via the ModuleState::setup function.
Audiofile v0.3.7 was discovered to contain a NULL pointer dereference ...
Audiofile v0.3.7 was discovered to contain a NULL pointer dereference via the ModuleState::setup function.
EPSS
7.5 High
CVSS3