
    ArchLinux: 201902-8: aubio: denial of service

    Date: 12 Feb 2019
    Category: ArchLinux
    Posted By: LinuxSecurity Advisories
    The package aubio before version 0.4.9-1 is vulnerable to denial of service.
    Arch Linux Security Advisory ASA-201902-8
    =========================================
    
    Severity: Medium
    Date    : 2019-02-12
    CVE-ID  : CVE-2018-19800 CVE-2018-19801 CVE-2018-19802
    Package : aubio
    Type    : denial of service
    Remote  : No
    Link    : https://security.archlinux.org/AVG-888
    
    Summary
    =======
    
    The package aubio before version 0.4.9-1 is vulnerable to denial of
    service.
    
    Resolution
    ==========
    
    Upgrade to 0.4.9-1.
    
    # pacman -Syu "aubio>=0.4.9-1"
    
    The problems have been fixed upstream in version 0.4.9.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2018-19800 (denial of service)
    
    A potential buffer overflow vulnerability was found on invalid
    new_aubio_tempo in aubio before 0.4.9, which may lead to application
    crash when playing a crafted audio file.
    
    - CVE-2018-19801 (denial of service)
    
    A NULL pointer dereference (denial of service) vulnerability was found
    on invalid n_filters in aubio before 0.4.9, which may lead to
    application crash when playing a crafted audio file.
    
    - CVE-2018-19802 (denial of service)
    
    A NULL pointer dereference (denial of service) vulnerability was found
    on invalid new_aubio_onset in aubio before 0.4.9, which may lead to
    application crash when playing a crafted audio file.
    
    Impact
    ======
    
    An attacker might be able to crash the software by tricking the user
    into opening a crafted audio file.
    
    References
    ==========
    
    https://github.com/aubio/aubio/blob/0.4.9/ChangeLog#L14-L17
    https://github.com/aubio/aubio/commit/1cf031a3a5b869368562b1251419fd45191eaa53
    https://github.com/aubio/aubio/commit/bcc53876548334b4c5f1ebd47a5bd5f151974e8b
    https://github.com/aubio/aubio/commit/c5ee1307bdc004e43302abeca1802c2692b33a8e
    https://security.archlinux.org/CVE-2018-19800
    https://security.archlinux.org/CVE-2018-19801
    https://security.archlinux.org/CVE-2018-19802
    
    
