audiofile 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには バッファオーバーフロー、vendor risk memory corruption, and vendor risk input validation があり、vendor surface production workloads and vendor surface software deployment の利用場面で アプリケーションクラッシュ、vendor impact memory corruption, and vendor impact unexpected behavior などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-50950 | Audiofile v0.3.7 was discovered to contain a NULL pointer dereference via the ModuleState::setup function. | [email protected] | 7.5 | 0.30% | 2025-10-23 | 2025-10-28 |
| CVE-2020-18781 | Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0.3.6 may cause denial-of-service via a crafted wav file, this bug can be triggered by the executable sfconvert. | [email protected] | 5.5 | 0.26% | 2023-08-22 | 2024-11-21 |
| CVE-2022-24599 | In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data. | [email protected] | 6.5 | 1.73% | 2022-02-24 | 2025-11-03 |
| CVE-2015-7747 | Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c. | [email protected] | 8.8 | 8.87% | 2020-02-19 | 2025-08-13 |
| CVE-2019-13147 | In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file. | [email protected] | 6.5 | 1.91% | 2019-07-02 | 2025-11-03 |
| CVE-2018-17095 | An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert. | [email protected] | 8.8 | 4.65% | 2018-09-16 | 2025-08-13 |
| CVE-2018-13440 | The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert. | [email protected] | 6.5 | 3.11% | 2018-07-08 | 2025-08-13 |
| CVE-2017-6839 | Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. | [email protected] | 5.5 | 3.02% | 2017-03-20 | 2026-05-13 |
| CVE-2017-6838 | Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. | [email protected] | 5.5 | 2.95% | 2017-03-20 | 2026-05-13 |
| CVE-2017-6837 | WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients. | [email protected] | 5.5 | 2.85% | 2017-03-20 | 2026-05-13 |
| CVE-2017-6836 | Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 allows remote attackers to cause a denial of service (crash) via a crafted file. | [email protected] | 5.5 | 2.87% | 2017-03-20 | 2026-05-13 |
| CVE-2017-6835 | The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file. | [email protected] | 5.5 | 2.77% | 2017-03-20 | 2026-05-13 |
| CVE-2017-6834 | Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file. | [email protected] | 5.5 | 2.61% | 2017-03-20 | 2026-05-13 |
| CVE-2017-6833 | The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file. | [email protected] | 5.5 | 2.81% | 2017-03-20 | 2026-05-13 |
| CVE-2017-6832 | Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file. | [email protected] | 5.5 | 3.03% | 2017-03-20 | 2026-05-13 |
| CVE-2017-6831 | Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file. | [email protected] | 5.5 | 3.09% | 2017-03-20 | 2026-05-13 |
| CVE-2017-6830 | Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. | [email protected] | 5.5 | 2.98% | 2017-03-20 | 2026-05-13 |
| CVE-2017-6829 | The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. | [email protected] | 5.5 | 2.85% | 2017-03-20 | 2026-05-13 |
| CVE-2017-6828 | Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted WAV file. | [email protected] | 7.8 | 3.24% | 2017-03-15 | 2026-05-13 |
| CVE-2017-6827 | Heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted audio file. | [email protected] | 7.8 | 2.94% | 2017-03-15 | 2026-05-13 |