CVE-2022-24599
MEDIUM
Autofile Audio File Library 0.3.6 - Info Disclosure
Title source: llm
Description
In autofile Audio File Library 0.3.6, there is a memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data; however, it doesn't use zero bytes to truncate the data.
References (6)
Core References
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2023/11/msg00006.html
Mailing List vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZPG27YKICLIWUFOPVUOAFAZGOX4BNHY/
Mailing List vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTETOUJNRR75REYJZTBGF6TAJZYTMXUY/
Mailing List vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4JXZ6QAMA3TSRY6GUZRY3WTHR7P5TPH/
Exploit, Issue Tracking, Third Party Advisory
https://github.com/mpruett/audiofile/issues/60
Scores
CVSS v3
6.5
EPSS
0.0020
EPSS Percentile
42.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-401
Status
published
Products (5)
audiofile/audiofile
0.3.6
debian/debian_linux
10.0
fedoraproject/fedora
37
fedoraproject/fedora
38
fedoraproject/fedora
39
Published
Feb 24, 2022
Tracked Since
Feb 18, 2026