Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Mageia 9 MGASA-2023-0336 critical: audiofile memory leak exposure

mageia
Calendar Grey December 4, 2023
Dist Mageia Esm H88
Mageia's latest audio file improvements address a potential memory leak vulnerability that risked the exposure of confidential information via specially crafted files.
The updated packages fix a security vulnerability In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows a...

Summary

The updated packages fix a security vulnerability
In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data. (CVE-2022-24599)

References

- https://bugs.mageia.org/show_bug.cgi?id=32561

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTETOUJNRR75REYJZTBGF6TAJZYTMXUY/

- https://www.cve.org/CVERecord?id=CVE-2023-24599

Resolution

SRPMS

- 9/core/audiofile-0.3.6-12.1.mga9

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 04 Dec 2023
URL: https://advisories.mageia.org/MGASA-2023-0336.html
Type: security
CVE: CVE-2023-24599

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.