CVE-2022-24599

In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data.

Published: Feb 24, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-24599
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-401

Affected Software
References

Software	From	Fixed in
audio_file_library_project / audio_file_library	0.3.6	0.3.6.x
debian / debian_linux	10.0	10.0.x
fedoraproject / fedora	37	37.x
fedoraproject / fedora	38	38.x
fedoraproject / fedora	39	39.x

https://github.com/mpruett/audiofile/issues/60
https://lists.debian.org/debian-lts-announce/2023/11/msg00006.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4JXZ6QAMA3TSRY6GUZRY3WTHR7P5TPH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTETOUJNRR75REYJZTBGF6TAJZYTMXUY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZPG27YKICLIWUFOPVUOAFAZGOX4BNHY/

Vulnerability Database

CVE-2022-24599