Antlarr

**Name of the Vulnerable Software and Affected Versions** Audio File Library version 0.3.6 **Description** The issue is related to a heap-based buffer overflow in the `alaw2linear buf` function in G711.cpp, which allows remote attackers to cause a denial of service (crash) via a crafted file. **Recommendations** For Audio File Library version 0.3.6, consider avoiding the use of the `alaw2linear buf` function in G711.cpp until a patch is available. As a temporary workaround, restrict the processing of crafted files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Audio File Library versions 0.2.7 through 0.3.6 **Description** The issue is a heap-based buffer overflow in the decodeBlock function in MSADPCM.cpp. This allows remote attackers to cause a denial of service (crash) via a crafted file. **Recommendations** For versions 0.2.7 through 0.3.6, consider disabling the decodeBlock function in MSADPCM.cpp as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Audio File Library version 0.3.6 **Description** The issue allows remote attackers to cause a denial of service, resulting in a divide-by-zero error and crash, via a crafted file. This is due to a problem in the `runPull` function in `libaudiofile/modules/BlockCodec.cpp`. **Recommendations** For Audio File Library version 0.3.6, consider avoiding the use of the `runPull` function until a patch is available. As a temporary workaround, restrict the processing of crafted files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Audio File Library (aka audiofile) versions 0.2.7 through 0.3.6 **Description** The issue is related to a heap-based buffer overflow in the `ulaw2linear buf` function in G711.cpp. This allows remote attackers to cause a denial of service (crash) via a crafted file. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For Audio File Library (aka audiofile) versions 0.2.7 through 0.3.6, consider disabling the `ulaw2linear buf` function in G711.cpp until a patch is available to prevent potential denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Audio File Library version 0.3.6 **Description** The issue allows remote attackers to cause a denial of service, resulting in a divide-by-zero error and crash, via a crafted file. This is due to a problem in the `reset1` function in `libaudiofile/modules/BlockCodec.cpp`. **Recommendations** For Audio File Library version 0.3.6, consider avoiding the use of the `reset1` function in `libaudiofile/modules/BlockCodec.cpp` until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Audio File Library versions 0.3.0 through 0.3.6 **Description** The issue is a heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h. This allows remote attackers to cause a denial of service (crash) via a crafted file. **Recommendations** For versions 0.3.0 through 0.3.6, consider disabling the Expand3To4Module::run function as a temporary workaround until a patch is available. Restrict access to crafted files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.