Hello Salvatore, thank you for the report. I am preparing a patch for this and will submit an updated package asap.
See also https://github.com/aubio/aubio/issues/137

best, piem

On 12/12/2017 03:31 PM, Salvatore Bonaccorso wrote:
> Source: aubio
> Version: 0.4.5-1
> Severity: important
> Tags: security upstream
>
> Hi,
>
> the following vulnerability was published for aubio.
>
> CVE-2017-17554[0]:
> | A NULL pointer dereference (DoS) Vulnerability was found in the
> | function aubio_source_avcodec_readframe in io/source_avcodec.c of aubio
> | 0.4.6, which may lead to DoS when playing a crafted audio file.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2017-17554
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17554
>
> Please adjust the affected versions in the BTS as needed, only 0.4.5-1
> has been verified before filing this bug.
>
> Regards,
> Salvatore
>