Description
Security update for audiofile
This update for audiofile fixes the following issues:
- CVE-2019-13147: Do not allow too many channels, to prevent a NULL pointer dereference (bsc#1140031).
- CVE-2022-24599: Clear buffer when allocating (bsc#1196487).
Package list
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
audiofile-0.3.6-11.10.1
audiofile-devel-0.3.6-11.10.1
libaudiofile1-0.3.6-11.10.1
libaudiofile1-32bit-0.3.6-11.10.1
References
- Link for SUSE-SU-2025:02283-1
- E-Mail link for SUSE-SU-2025:02283-1
- SUSE Security Ratings
- SUSE Bug 1140031
- SUSE Bug 1196487
- SUSE CVE CVE-2019-13147 page
- SUSE CVE CVE-2022-24599 page
Description
In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.
Affected products
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:audiofile-0.3.6-11.10.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:audiofile-devel-0.3.6-11.10.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libaudiofile1-0.3.6-11.10.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libaudiofile1-32bit-0.3.6-11.10.1
References
- CVE-2019-13147
- SUSE Bug 1140031
Description
In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data; however, it doesn't use zero bytes to truncate the data.
Affected products
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:audiofile-0.3.6-11.10.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:audiofile-devel-0.3.6-11.10.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libaudiofile1-0.3.6-11.10.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libaudiofile1-32bit-0.3.6-11.10.1
References
- CVE-2022-24599
- SUSE Bug 1196487