
[SECURITY] [DLA 4255-1] audiofile security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4255-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
July 28, 2025                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : audiofile
Version        : 0.3.6-5+deb11u1
CVE ID         : CVE-2019-13147 CVE-2022-24599


The audiofile library allows the processing of audio data to and
from audio files of many common formats (currently AIFF, AIFF-C,
WAVE, NeXT/Sun, BICS, and raw data).

CVE-2019-13147

    Audiofile was vulnerable due to an integer overflow.
    The fix bails out early if a NeXT audio file includes too many channels.

CVE-2022-24599

    A memory leak was found due to reading a copyright field that is
    not NUL-terminated. The fix preallocates zeroed memory and
    always NUL-terminates C strings.
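
The two fix patterns named above (rejecting an excessive channel count before any size arithmetic, and copying an unterminated text field into zeroed memory with a guaranteed NUL), sketched in C as an added example. This is not audiofile's code or the Debian patch; `frame_size`, `read_text_field` and the `MAX_CHANNELS` limit are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_CHANNELS 256u /* constructed limit for this example */

/* Hypothetical helper (not audiofile's API): bytes per sample frame, or 0
 * when the header values are rejected before any size arithmetic is done. */
size_t frame_size(uint32_t channels, uint32_t bytes_per_sample)
{
    if (channels == 0 || channels > MAX_CHANNELS)
        return 0; /* bail out early: too many channels */
    if (bytes_per_sample == 0 || bytes_per_sample > 8)
        return 0;
    return (size_t)channels * bytes_per_sample; /* at most 2048, cannot wrap */
}

/* Hypothetical helper: copy a text field of `len` bytes at offset `off` of a
 * file image into a new C string. The stored field has no terminating NUL. */
char *read_text_field(const uint8_t *buf, size_t buflen, size_t off, uint32_t len)
{
    if (off > buflen || len > buflen - off)
        return NULL; /* field runs past the end of the file image */
    char *s = calloc((size_t)len + 1, 1); /* zeroed, one spare byte for NUL */
    if (s == NULL)
        return NULL;
    memcpy(s, buf + off, len);
    s[len] = '\0'; /* always terminate, whatever the file contained */
    return s;
}

int main(void)
{
    /* Constructed sample: 3 header bytes, a 6-byte text field, trailing data. */
    const uint8_t img[] = {'h','d','r','(','c',')',' ','A','B','X','X'};
    char *s = read_text_field(img, sizeof img, 3, 6);
    if (s == NULL)
        return 1;
    printf("field=\"%s\" frame=%zu rejected=%zu\n", s,
           frame_size(2, 2), frame_size(0x40000000u, 4));
    free(s);
    return 0;
}
```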


For Debian 11 bullseye, these problems have been fixed in version
0.3.6-5+deb11u1.

We recommend that you upgrade your audiofile packages.

For the detailed security status of audiofile please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/audiofile

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
