ArchLinux: 201902-8: aubio: denial of service

    Date: 12 Feb 2019
    Category: ArchLinux
    Posted By: LinuxSecurity Advisories
    The package aubio before version 0.4.9-1 is vulnerable to denial of service.
    Arch Linux Security Advisory ASA-201902-8
    =========================================
    
    Severity: Medium
    Date    : 2019-02-12
    CVE-ID  : CVE-2018-19800 CVE-2018-19801 CVE-2018-19802
    Package : aubio
    Type    : denial of service
    Remote  : No
    Link    : https://security.archlinux.org/AVG-888
    
    Summary
    =======
    
    The package aubio before version 0.4.9-1 is vulnerable to denial of
    service.
    
    Resolution
    ==========
    
    Upgrade to 0.4.9-1.
    
    # pacman -Syu "aubio>=0.4.9-1"
    
    The problems have been fixed upstream in version 0.4.9.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2018-19800 (denial of service)
    
    A potential buffer overflow vulnerability was found on invalid
    new_aubio_tempo in aubio before 0.4.9, which may lead to application
    crash when playing a crafted audio file.
    
    - CVE-2018-19801 (denial of service)
    
    A NULL pointer dereference (denial of service) vulnerability was found
    on invalid n_filters in aubio before 0.4.9, which may lead to
    application crash when playing a crafted audio file.
    
    - CVE-2018-19802 (denial of service)
    
    A NULL pointer dereference (denial of service) vulnerability was found
    on invalid new_aubio_onset in aubio before 0.4.9, which may lead to
    application crash when playing a crafted audio file.
    
    Impact
    ======
    
    An attacker might be able to crash the software by tricking the user
    into opening a crafted audio file.
    
    References
    ==========
    
    https://github.com/aubio/aubio/blob/0.4.9/ChangeLog#L14-L17
    https://github.com/aubio/aubio/commit/1cf031a3a5b869368562b1251419fd45191eaa53
    https://github.com/aubio/aubio/commit/bcc53876548334b4c5f1ebd47a5bd5f151974e8b
    https://github.com/aubio/aubio/commit/c5ee1307bdc004e43302abeca1802c2692b33a8e
    https://security.archlinux.org/CVE-2018-19800
    https://security.archlinux.org/CVE-2018-19801
    https://security.archlinux.org/CVE-2018-19802
    
    