Vulnerability - CVE-2018-17095

Name

CVE-2018-17095

Source

NVD ( link)Debian ( link)

Description

An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert.

CWEs

CWE-787

Published Date

Sep 16, 2018

Updated Date

Jun 17, 2026

Workaround

Advisories

https://github.com/mpruett/audiofile/issues/50Exploit

https://github.com/mpruett/audiofile/issues/51Exploit

https://usn.ubuntu.com/3800-1/Patch

https://github.com/mpruett/audiofile/issues/50Exploit

https://github.com/mpruett/audiofile/issues/51Exploit

https://usn.ubuntu.com/3800-1/Patch

Analysis#

Affected Component

Analysis

audiofile

Exploitable

Vulnerability Ratings#

8.8

CVSSv31

6.8

CVSSv2

Others affected components#

Name

Project

Project Version

Version

Status

audiofile

yocto

kirkstone

0.3.6

Exploitable

audiofile

yocto

scarthgap

0.3.6

Exploitable