CVE-2022-24599

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions autofile Audio File Library version 0.3.6

Description The issue is related to a memory leak in the printfileinfo function, located in printinfo.c, which can be exploited by an attacker to leak sensitive information via a crafted file. This occurs because the printfileinfo function calls the copyrightstring function to retrieve data but fails to use zero bytes to truncate the data.

Recommendations For autofile Audio File Library version 0.3.6, consider applying a patch or update that fixes the memory leak issue in the printfileinfo function. As a temporary workaround, consider restricting the use of the printfileinfo function until a patch is available.

Exploit

Fix

DoS

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

AZL-66560

AZL-66563

CVE-2022-24599

DLA-3650-1

DLA-4255-1

MGASA-2023-0336

OESA-2026-2353

OPENSUSE-SU-2025:15050-1

OPENSUSE-SU-2025_1559-1

SUSE-SU-2025:01559-1

SUSE-SU-2025:02283-1

SUSE-SU-2025:1559-1

SUSE-SU-2025_02283-1

USN-6558-1

Affected Products

Debian

Linuxmint

Suse

Ubuntu

Autofile Audio File Library

CVE-2022-24599

Weakness Enumeration

Related Identifiers

Affected Products

References · 47