SB2018070615 - Multiple vulnerabilities in audiofile

Description

This security bulletin contains information about 2 vulnerabilities.

1) Null pointer dereference (CVE-ID: CVE-2018-13440)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the ModuleState::setup function, as defined in the modules/ModuleState.cpp source code file due to a NULL pointer exception bug. A remote attacker can send a malicious CAF file, trigger a NULL pointer dereference condition and cause the affected application to crash.

2) Heap-based buffer overflow (CVE-ID: CVE-2018-17095)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists in the ModuleState::setup function due to a heap-based buffer overflow condition that occurs when running sfconvert. A remote attacker can trick the victim into opening or executing a specially crafted file that submits malicious input, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

References

• https://github.com/mpruett/audiofile/issues/49
• https://github.com/mpruett/audiofile/issues/50