Описание
Security update for audiofile
This update for audiofile fixes the following issues:
- CVE-2019-13147: Fixed NULL pointer dereference in ulaw2linear_buf that could lead to DOS (bsc#1140031).
- CVE-2022-24599: unverified user input when processing audio files can lead to information leak (bsc#1196487).
Список пакетов
SUSE Linux Enterprise Module for Desktop Applications 15 SP7
audiofile-devel-0.3.6-150000.3.12.1
libaudiofile1-0.3.6-150000.3.12.1
Ссылки
- Link for SUSE-SU-2025:01559-1
- E-Mail link for SUSE-SU-2025:01559-1
- SUSE Security Ratings
- SUSE Bug 1140031
- SUSE Bug 1196487
- SUSE CVE CVE-2019-13147 page
- SUSE CVE CVE-2022-24599 page
Описание
In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.
Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP7:audiofile-devel-0.3.6-150000.3.12.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7:libaudiofile1-0.3.6-150000.3.12.1
Ссылки
- CVE-2019-13147
- SUSE Bug 1140031
Описание
In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data.
Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP7:audiofile-devel-0.3.6-150000.3.12.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7:libaudiofile1-0.3.6-150000.3.12.1
Ссылки
- CVE-2022-24599
- SUSE Bug 1196487