Source: audiofile
Version: 0.3.6-5
Severity: important
Tags: security upstream
Forwarded: https://github.com/mpruett/audiofile/issues/60
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for audiofile.

CVE-2022-24599[0]:
| In autofile Audio File Library 0.3.6, there exists one memory leak
| vulnerability in printfileinfo, in printinfo.c, which allows an
| attacker to leak sensitive information via a crafted file. The
| printfileinfo function calls the copyrightstring function to get data,
| however, it doesn't use zero bytes to truncate the data.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-24599
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24599
[1] https://github.com/mpruett/audiofile/issues/60

Regards,
Salvatore
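
Added example, not part of the original report and not audiofile's own code: a minimal C illustration of the bug class the CVE text describes, where file data copied without a terminating zero byte is later consumed as a C string. The buffer, the sample chunk and all function names are hypothetical and constructed for the demonstration; the stale bytes sit in a fixed array so the read stays in bounds.

```c
#include <stdio.h>
#include <string.h>

#define SLOT 64

/* Constructed stand-in for a reused heap slot (hypothetical, not audiofile code). */
static char slot[SLOT];

/* Constructed copyright chunk as it might sit in a file: 6 bytes, no NUL. */
static const unsigned char chunk[6] = { '(', 'c', ')', ' ', 'E', 'x' };

/* Fill the slot with 40 stale bytes; the remaining bytes stay zero so the
   demonstration never reads outside the array. */
static void slot_reset(void) {
    memset(slot, 0, sizeof slot);
    memset(slot, 'S', 40);
}

/* Before: copy exactly len bytes of file data, no terminator written. */
static const char *load_unterminated(const unsigned char *data, size_t len) {
    if (len >= SLOT) return NULL;
    memcpy(slot, data, len);
    return slot;
}

/* After: same copy, then truncate with a zero byte. */
static const char *load_terminated(const unsigned char *data, size_t len) {
    if (len >= SLOT) return NULL;
    memcpy(slot, data, len);
    slot[len] = '\0';
    return slot;
}

/* Number of bytes a "%s" consumer would emit: everything up to the first NUL. */
static size_t emitted(const char *s) { return s ? strlen(s) : 0; }

int main(void) {
    slot_reset();
    printf("unterminated: %zu bytes emitted\n", emitted(load_unterminated(chunk, sizeof chunk)));
    slot_reset();
    printf("terminated:   %zu bytes emitted\n", emitted(load_terminated(chunk, sizeof chunk)));
    return 0;
}
```

With the unterminated copy the consumer emits the 6 file bytes plus the 34 stale bytes that follow them; with the terminator it emits only the 6 bytes that came from the file.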