711394 – (CVE-2019-13147) media-libs/audiofile: Denial of service in ulaw2linear_buf via crafted file (CVE-2019-13147)

Bug 711394 (CVE-2019-13147) - media-libs/audiofile: Denial of service in ulaw2linear_buf via crafted file (CVE-2019-13147)

Summary: media-libs/audiofile: Denial of service in ulaw2linear_buf via crafted file (...

Status:	IN_PROGRESS

Alias:	CVE-2019-13147

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://github.com/mpruett/audiofile/...
Whiteboard:	B3 [upstream]
Keywords:

Depends on:
Blocks:

Reported:	2020-03-02 23:57 UTC by Sam James
Modified:	2020-07-19 18:36 UTC (History)
CC List:	2 users (show)

See Also:	CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830, CVE-2017-6831, CVE-2017-6832, CVE-2017-6833, CVE-2017-6834, CVE-2017-6835, CVE-2017-6836, CVE-2017-6837, CVE-2017-6838, CVE-2017-6839
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2020-03-02 23:57:42 UTC

Description:
"In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file."

Not yet fixed upstream.