NVD Vulnerability Detail

CVE-2015-7747

Summary	Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c.
Publication Date	Feb. 20, 2020, 6:15 a.m.
Registration Date	Jan. 26, 2021, 2:57 p.m.
Last Update	Nov. 21, 2024, 11:37 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
cpe:2.3:o:fedoraproject:fedora:23:::::::*
cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:audio_file_library_project:audio_file_library::::::::					0.3.6

Related information, measures and tools

No	URL	タグ
1	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170387.html	Third Party Advisory
2	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170387.html	Third Party Advisory
3	http://www.openwall.com/lists/oss-security/2015/10/06/2	Mailing List Third Party Advisory
4	http://www.openwall.com/lists/oss-security/2015/10/06/2	Mailing List Third Party Advisory
5	http://www.ubuntu.com/usn/USN-2787-1	Third Party Advisory
6	http://www.ubuntu.com/usn/USN-2787-1	Third Party Advisory
7	https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721	Third Party Advisory
8	https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721	Third Party Advisory
9	https://github.com/ccrisan/motioneyeos/blob/master/package/audiofile/0008-CVE-2015-7747.patch	Patch Third Party Advisory
10	https://github.com/ccrisan/motioneyeos/blob/master/package/audiofile/0008-CVE-2015-7747.patch	Patch Third Party Advisory
11	https://www.openwall.com/lists/oss-security/2015/10/08/1	Mailing List Third Party Advisory
12	https://www.openwall.com/lists/oss-security/2015/10/08/1	Mailing List Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-120	古典的バッファオーバーフロー	https://cwe.mitre.org/data/definitions/120.html

JVN Vulnerability Information

audiofile における古典的バッファオーバーフローの脆弱性

Title	audiofile における古典的バッファオーバーフローの脆弱性
Summary	audiofile (別名 libaudiofile and Audio File Library) には、古典的バッファオーバーフローの脆弱性が存在が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Oct. 28, 2015, midnight
Registration Date	March 10, 2020, 2:16 p.m.
Last Update	March 10, 2020, 2:16 p.m.

Affected System

Fedora Project

Fedora

Canonical

Ubuntu

68k.org

audiofile

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2015-7747	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7747
National Vulnerability Database (NVD)
2	CVE-2015-7747	https://nvd.nist.gov/vuln/detail/CVE-2015-7747

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-120	https://cwe.mitre.org/data/definitions/120.html

ベンダー情報

No	Name	URL
Fedora Update Notification
1	FEDORA-2015-605cd28f33	https://lists.fedoraproject.org/pipermail/package-announce/2015-November/170387.html
GitHub
2	Audio File Library	https://github.com/mpruett/audiofile
Launchpad
3	Bug #1502721	https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721
Ubuntu Security Notice
4	USN-2787-1	https://usn.ubuntu.com/2787-1/

その他

No	Name	URL
関連文書
1	motioneyeos/package/audiofile/0008-CVE-2015-7747.patch	https://github.com/ccrisan/motioneyeos/blob/master/package/audiofile/0008-CVE-2015-7747.patch

Change Log

No	Changed Details	Date of change
1	[2020年03月10日] 掲載	March 10, 2020, 2:16 p.m.