ELA-1008-1 audiofile security update
Package : audiofile
Version : 0.3.6-4+deb9u2 (stretch)
Related CVEs :
CVE-2019-13147
CVE-2022-24599
The audiofile library allows the processing of audio data to and from audio
files of many common formats (currently AIFF, AIFF-C, WAVE, NeXT/Sun, BICS, and
raw data).
CVE-2019-13147
Audiofile was vulnerable to an integer overflow. The program now quits
early if a NeXT audio file includes too many channels.
CVE-2022-24599
A memory leak was found, caused by reading a copyright field that was not
NUL-terminated. The fix preallocates zeroed memory and always NUL-terminates
C strings.
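The two defensive patterns named in the CVE descriptions above (rejecting an excessive channel count before size arithmetic, and copying a fixed-length text field into zeroed memory with a guaranteed terminator) are shown here as an added illustration; this is not the audiofile patch. The function names, the MAX_CHANNELS limit and the sample bytes are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical limit chosen for this example; not taken from audiofile. */
#define MAX_CHANNELS 256u

/* Stores bytes-per-frame in *out and returns 0, or returns -1 when the
 * header values are rejected before any multiplication can wrap. */
int frame_size_checked(uint32_t channels, uint32_t bytes_per_sample, uint32_t *out)
{
    if (channels == 0 || channels > MAX_CHANNELS)
        return -1;                       /* quit early: too many channels */
    if (bytes_per_sample == 0 || bytes_per_sample > UINT32_MAX / channels)
        return -1;                       /* product would not fit in 32 bits */
    *out = channels * bytes_per_sample;
    return 0;
}

/* Copies a fixed-length header field that may lack a terminator.
 * calloc(len + 1) zero-fills the buffer, so the result is always a
 * valid C string even if the field uses all len bytes. */
char *copy_text_field(const unsigned char *field, size_t len)
{
    if (len == SIZE_MAX)
        return NULL;                     /* len + 1 would wrap */
    char *s = calloc(len + 1, 1);
    if (s == NULL)
        return NULL;
    if (len > 0)
        memcpy(s, field, len);
    s[len] = '\0';                       /* explicit, even though zeroed */
    return s;
}

int main(void)
{
    /* Constructed sample: a 3-byte field followed by unrelated data. */
    const unsigned char raw[4] = { '(', 'c', ')', 'X' };
    uint32_t frame = 0;
    char *text = copy_text_field(raw, 3);

    printf("65536 channels accepted: %s\n",
           frame_size_checked(65536u, 4, &frame) == 0 ? "yes" : "no");
    printf("copyright: %s\n", text ? text : "(allocation failed)");
    free(text);
    return 0;
}
```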
An audiofile security update has been released for Debian GNU/Linux 9 Extended LTS to address multiple security issues.