CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-13440

The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.115

EPSS Ranking 93.4%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.3

References

https://github.com/mpruett/audiofile/issues/49
https://usn.ubuntu.com/3800-1/
https://github.com/mpruett/audiofile/issues/49
https://usn.ubuntu.com/3800-1/

Products affected by CVE-2018-13440

Audio File Library Project » Audio File Library » Version: 0.3.6

cpe:2.3:a:audio_file_library_project:audio_file_library:0.3.6
Canonical » Ubuntu Linux » Version: 14.04

cpe:2.3:o:canonical:ubuntu_linux:14.04

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-13440

Products

Pricing

Contact Us