NULL Pointer Dereference in aubio | CVE-2018-19801

Q: How to fix?

Upgrade Debian:unstable aubio to version 0.4.9-1 or higher.

Threat Intelligence

0.36% (73^rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about NULL Pointer Dereference vulnerabilities in an interactive lesson.

Start learning

Snyk IDSNYK-DEBIANUNSTABLE-AUBIO-349111
published7 Jun 2019
disclosed7 Jun 2019

Report a new vulnerability Found a mistake?

Introduced: 7 Jun 2019

CVE-2018-19801 (opens in a new tab) CWE-476 (opens in a new tab)

How to fix?

Upgrade Debian:unstable aubio to version 0.4.9-1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream aubio package and not the aubio package as distributed by Debian. See How to fix? for Debian:unstable relevant fixed versions and status.

aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters.

References

https://security-tracker.debian.org/tracker/CVE-2018-19801
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/
https://github.com/aubio/aubio/blob/0.4.9/ChangeLog
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/

NULL Pointer Dereference Affecting aubio package, versions <0.4.9-1

Severity