Aubio 0.4.6

CPE Details

Aubio 0.4.6
aubio
aubio
0.4.6
2019-06-10
09h03 +00:00
2019-06-10
09h03 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:aubio:aubio:0.4.6:*:*:*:*:*:*:*

Informations

Vendor

aubio

Product

aubio

Version

0.4.6

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2018-19800 2019-06-07 14h38 +00:00 aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo.
9.8
Critical
CVE-2018-19801 2019-06-07 14h37 +00:00 aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters.
7.5
High
CVE-2018-19802 2019-06-07 14h35 +00:00 aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference.
7.5
High
CVE-2018-14521 2018-07-23 06h00 +00:00 An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_source_avcodec_readframe in io/source_avcodec.c, as demonstrated by aubiomfcc.
8.8
High
CVE-2018-14522 2018-07-23 06h00 +00:00 An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.
8.8
High
CVE-2018-14523 2018-07-23 06h00 +00:00 An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes.
8.8
High
CVE-2017-17554 2017-12-12 01h00 +00:00 A NULL pointer dereference (DoS) Vulnerability was found in the function aubio_source_avcodec_readframe in io/source_avcodec.c of aubio 0.4.6, which may lead to DoS when playing a crafted audio file.
5.5
Medium
CVE-2017-17555 2017-12-12 00h00 +00:00 The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.
6.5
Medium
CVE-2017-17054 2017-11-29 06h00 +00:00 In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when playing a crafted audio file.
5.5
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.