CVE-2018-13440

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions The audiofile Audio File Library version 0.3.6

Description The issue is related to a NULL pointer dereference bug in the ModuleState::setup function, located in modules/ModuleState.cpp. This bug can be exploited by an attacker to cause a denial of service using a crafted caf file. An example of such exploitation is demonstrated by the sfconvert tool.

Recommendations For The audiofile Audio File Library version 0.3.6, consider restricting access to the ModuleState::setup function in modules/ModuleState.cpp to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using crafted caf files that could trigger the NULL pointer dereference bug. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2021-2193

ALT-PU-2022-3089

AZL-44397

AZL-66249

CESA-2020_3877

CVE-2018-13440

MGASA-2018-0441

OESA-2026-2353

OPENSUSE-SU-2019:1260-1

OPENSUSE-SU-2019_1260-1

RHSA-2020:3877

RHSA-2020_3877

SUSE-SU-2019:0940-1

SUSE-SU-2019_0940-1

SUSE-SU-2020:1619-1

SUSE-SU-2020_1619-1

USN-3800-1

USN-6558-1

Affected Products

Alt Linux

Audio File Library

Centos

Linuxmint

Red Hat

Suse

Ubuntu

CVE-2018-13440

Weakness Enumeration

Related Identifiers

Affected Products

References · 36