aubio@0.4.5 vulnerabilities

a collection of tools for music analysis

latest version

0.4.9
latest non vulnerable version

0.4.9
first published

8 years ago
latest version published

5 years ago
licenses detected
- GPL-3.0
  [0,)
View aubio package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the aubio package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H NULL Pointer Dereference aubio is a collection of tools for music and audio analysis. Affected versions of this package are vulnerable to NULL Pointer Dereference. A NULL pointer dereference vulnerability was found in the function `aubio_source_avcodec_readframe` in `io/source_avcodec.c`, which may lead to denial of service when playing a crafted audio file. How to fix NULL Pointer Dereference? Upgrade `aubio` to version 0.4.6 or higher.	[,0.4.6)
H Out-of-Bounds aubio is a collection of tools for music and audio analysis. Affected versions of this package are vulnerable to Out-of-Bounds. A SEGV signal can occur in `aubio_source_avcodec_readframe` in `io/source_avcodec.c`, as demonstrated by aubiomfcc. How to fix Out-of-Bounds? Upgrade `aubio` to version 0.4.7 or higher.	[,0.4.7)
M Denial of Service (DoS) aubio is a collection of tools for music and audio analysis. Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker can pass a malicious audio file to the `new_aubio_source_wavread()` function in `source_wavread.c`, leading to a divide-by-zero error. How to fix Denial of Service (DoS)? Upgrade `aubio` to version 0.4.7 or higher.	[,0.4.7)
H Out-of-Bounds aubio is a collection of tools for music and audio analysis. Affected versions of this package are vulnerable to Out-of-Bounds. A buffer over-read can occur in `new_aubio_pitchyinfft` in `pitch/pitchyinfft.c`, and in `aubio_pitch_set_unit` in `pitch/pitch.c` as demonstrated by aubionotes. How to fix Out-of-Bounds? Upgrade `aubio` to version 0.4.7 or higher.	[,0.4.7)
H Denial of Service (DoS) aubio is a collection of tools for music and audio analysis. Affected versions of this package are vulnerable to Denial of Service (DoS) via a `new_aubio_onset` NULL pointer dereference. How to fix Denial of Service (DoS)? Upgrade `aubio` to version 0.4.9 or higher.	[0.4.0,0.4.9)
M Denial of Service (DoS) aubio collection of tools for music and audio analysis. Affected versions of this package are vulnerable to Denial of Service (DoS) due to a lack of validation in `new_aubio_filterbank` which allowed for a `null-pointer` dereference on invalid `n_filters`. How to fix Denial of Service (DoS)? Upgrade `aubio` to version 0.4.9 or higher.	[0.4.0,0.4.9)
M Denial of Service (DoS) aubio collection of tools for music and audio analysis. Affected versions of this package are vulnerable to Denial of Service (DoS) due to a lack of validation in `new_aubio_onset` which allowed for a `null-pointer` dereference on invalid `n_filters`. How to fix Denial of Service (DoS)? Upgrade `aubio` to version 0.4.9 or higher.	[0.4.0,0.4.9)
M Buffer Overflow aubio is a collection of tools for music and audio analysis. Affected versions of this package are vulnerable to Buffer Overflow due to a lack of validation on `new_aubio-tempo`. How to fix Buffer Overflow? Upgrade `aubio` to version 0.4.9 or higher.	[0.4.0,0.4.9)

Go back to all versions of this package

aubio@0.4.5 vulnerabilities

a collection of tools for music analysis

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities