Bug 711226 (CVE-2018-19800, CVE-2018-19801, CVE-2018-19802, CVE-2019-1010222, CVE-2019-1010223, CVE-2019-1010224) - <media-libs/aubio-0.4.9: Multiple vulnerabilities (CVE-2018-{19800,19801,19802},CVE-2019-{1010222,1010223,1010224})
Status: IN_PROGRESS
Alias: CVE-2018-19800, CVE-2018-19801, CVE-2018-19802, CVE-2019-1010222, CVE-2019-1010223, CVE-2019-1010224
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B2 [stable? cve]
Depends on: 679184 692344
Reported: 2020-03-01 20:40 UTC by Sam James (sec padawan)
Modified: 2020-05-22 01:23 UTC

Package list:
media-libs/aubio-0.4.9
Runtime testing required: ---


Description Sam James (sec padawan) 2020-03-01 20:40:42 UTC
1) CVE-2019-1010223

Description:
"aubio 0.4.8 and earlier is affected by: Buffer Overflow. The impact is: buffer overflow in strcpy. The component is: tempo. The fixed version is: after commit b1559f4c9ce2b304d8d27ffdc7128b6795ca82e5."

URL: https://www.cvedetails.com/cve/CVE-2019-1010223/

2) CVE-2019-1010224

Description:
"aubio 0.4.8 and earlier is affected by: null pointer. The impact is: crash (DoS). The component is: onset. The fixed version is: after commit e4e0861cffbc8d3a53dcd18f9ae85797690d67c7."

URL: https://www.cvedetails.com/cve/CVE-2019-1010224/
Comment 1 Sam James (sec padawan) 2020-03-01 20:42:53 UTC
3) CVE-2019-1010222

Description:
"aubio 0.4.8 and earlier is affected by: null pointer. The impact is: crash. The component is: filterbank. The attack vector is: pass invalid arguments to new_aubio_filterbank. The fixed version is: after commit eda95c9c22b4f0b466ae94c4708765eaae6e709e."

URL: https://www.cvedetails.com/cve/CVE-2019-1010222/
Comment 2 Yury German Gentoo Infrastructure gentoo-dev Security 2020-05-22 01:23:23 UTC
CVE-2019-1010222
    CVE ID: CVE-2019-1010222
   Summary: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-19801. Reason: This candidate is a reservation duplicate of CVE-2018-19801. Notes: All CVE users should reference CVE-2018-19801 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
 Published: 2019-07-22T18:15:11.000Z
--------------------------------------------------------------------------------
     State: REJECTED
      Bugs:

CVE-2019-1010223
    CVE ID: CVE-2019-1010223
   Summary: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-19800. Reason: This candidate is a reservation duplicate of CVE-2018-19800. Notes: All CVE users should reference CVE-2018-19800 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
 Published: 2019-07-22T18:15:11.000Z
--------------------------------------------------------------------------------
     State: REJECTED
      Bugs:

CVE-2019-1010224
    CVE ID: CVE-2019-1010224
   Summary: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-19802. Reason: This candidate is a reservation duplicate of CVE-2018-19802. Notes: All CVE users should reference CVE-2018-19802 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
 Published: 2019-07-22T18:15:11.000Z
--------------------------------------------------------------------------------
     State: REJECTED
      Bugs:
__________________________

Leaving the rejected CVEs so that we are able to search, but putting the new proper numbers in as well.