Description
An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert.
References (3)
Core 3
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/mpruett/audiofile/issues/50
Patch, Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3800-1/
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/mpruett/audiofile/issues/51
Scores
CVSS v3
8.8
EPSS
0.1198
EPSS Percentile
93.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (8)
audiofile/audiofile
0.3.0
audiofile/audiofile
0.3.1
audiofile/audiofile
0.3.2
audiofile/audiofile
0.3.3
audiofile/audiofile
0.3.4
audiofile/audiofile
0.3.5
audiofile/audiofile
0.3.6
canonical/ubuntu_linux
14.04
Published
Sep 16, 2018
Tracked Since
Feb 18, 2026