ELA-1008-1 audiofile security update

denial of service

2023-11-27
Package: audiofile
Version: 0.3.6-4+deb9u2 (stretch)
Related CVEs: CVE-2019-13147, CVE-2022-24599


The audiofile library allows the processing of audio data to and from audio files of many common formats (currently AIFF, AIFF-C, WAVE, NeXT/Sun, BICS, and raw data).

CVE-2019-13147

audiofile was vulnerable to an integer overflow. The program now quits
early if a NeXT audio file includes too many channels.

CVE-2022-24599

A memory leak was found, caused by reading a copyright field that is not NUL-terminated.
The fix preallocates zeroed memory and always NUL-terminates C strings.
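
The two fixes above follow common defensive patterns for parsing untrusted audio headers. The C code below is an added example, not audiofile's actual patch; the function names and the MAX_CHANNELS limit are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_CHANNELS 256u /* assumed limit for this example, not audiofile's value */

/* Copy a length-delimited metadata field (such as a copyright string) that
 * may lack a terminating NUL. calloc() zeroes len + 1 bytes, so the result
 * is always a valid C string. Returns NULL on overflow or allocation failure. */
char *copy_field(const unsigned char *data, size_t len)
{
    if (len == SIZE_MAX)            /* len + 1 would wrap to 0 */
        return NULL;
    char *s = calloc(len + 1, 1);
    if (s == NULL)
        return NULL;
    if (len > 0)
        memcpy(s, data, len);
    s[len] = '\0';                  /* explicit terminator, redundant with calloc */
    return s;
}

/* Compute bytes per frame from header values. Rejects a channel count that is
 * zero, above the limit, or that would overflow the 32-bit product.
 * Returns 0 on success, -1 if the header must be rejected. */
int frame_size(uint32_t channels, uint32_t bytes_per_sample, uint32_t *out)
{
    if (channels == 0 || channels > MAX_CHANNELS)
        return -1;
    if (bytes_per_sample == 0 || bytes_per_sample > UINT32_MAX / channels)
        return -1;
    *out = channels * bytes_per_sample;
    return 0;
}

int main(void)
{
    /* Constructed input: 3-byte field followed by unrelated data, no NUL. */
    const unsigned char raw[4] = { '(', 'c', ')', 'X' };
    char *s = copy_field(raw, 3);
    uint32_t fs = 0;

    printf("field=\"%s\"\n", s ? s : "(null)");
    printf("2ch x 2 bytes: rc=%d size=%u\n", frame_size(2, 2, &fs), fs);
    printf("0x80000000 ch: rc=%d\n", frame_size(0x80000000u, 4, &fs));
    free(s);
    return 0;
}
```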


For Debian 9 stretch, these problems have been fixed in version 0.3.6-4+deb9u2.

We recommend that you upgrade your audiofile packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.