Fluid Attacks Database

Description

The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	audiofile	>=0 <0.3.6-5	0.3.6-5
debian 11	audiofile	>=0 <0.3.6-5	0.3.6-5
debian 13	audiofile	>=0 <0.3.6-5	0.3.6-5
debian 12	audiofile	>=0 <0.3.6-5	0.3.6-5
rpm rhel8	audiofile	-	-
rpm rhel7	audiofile	<1:0.3.6-9.el7	1:0.3.6-9.el7

Aliases

1. CVE-2018-134402. NVD-2018-134403. OSV-DEBIAN-2018-134404. OSV-2018-134405. SECURITY-TRACKER-CVE-2018-13440

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.