Vulnerabilities > CVE-2018-17095 - Out-of-bounds Write vulnerability in multiple products

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL

Summary

An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3588-1.NASL
    descriptionThis update for audiofile fixes the following issues : CVE-2018-17095: A heap-based buffer overflow in Expand3To4Module::run could occurred when running sfconvert leading to crashes or code execution when handling untrusted soundfiles (bsc#1111586). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118588
    published2018-11-01
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118588
    titleSUSE SLED12 / SLES12 Security Update : audiofile (SUSE-SU-2018:3588-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:3588-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118588);
      script_version("1.4");
      script_cvs_date("Date: 2019/09/10 13:51:49");
    
      script_cve_id("CVE-2018-17095");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : audiofile (SUSE-SU-2018:3588-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for audiofile fixes the following issues :
    
    CVE-2018-17095: A heap-based buffer overflow in Expand3To4Module::run
    could occurred when running sfconvert leading to crashes or code
    execution when handling untrusted soundfiles (bsc#1111586).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111586"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-17095/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20183588-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?124c0577"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
    patch SUSE-SLE-SDK-12-SP3-2018-2542=1
    
    SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2018-2542=1
    
    SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP3-2018-2542=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:audiofile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:audiofile-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:audiofile-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libaudiofile1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libaudiofile1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"3", reference:"audiofile-0.3.6-11.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"audiofile-debuginfo-0.3.6-11.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"audiofile-debugsource-0.3.6-11.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libaudiofile1-0.3.6-11.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libaudiofile1-debuginfo-0.3.6-11.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libaudiofile1-32bit-0.3.6-11.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libaudiofile1-debuginfo-32bit-0.3.6-11.3.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"audiofile-0.3.6-11.3.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"audiofile-debuginfo-0.3.6-11.3.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"audiofile-debugsource-0.3.6-11.3.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libaudiofile1-0.3.6-11.3.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libaudiofile1-32bit-0.3.6-11.3.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libaudiofile1-debuginfo-0.3.6-11.3.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libaudiofile1-debuginfo-32bit-0.3.6-11.3.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "audiofile");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-3058A87E60.NASL
    descriptionFixes for CVE-2018-13440 and CVE-2018-17095. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120330
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120330
    titleFedora 29 : 1:audiofile (2018-3058a87e60)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-3058a87e60.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120330);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-13440", "CVE-2018-17095");
      script_xref(name:"FEDORA", value:"2018-3058a87e60");
    
      script_name(english:"Fedora 29 : 1:audiofile (2018-3058a87e60)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Fixes for CVE-2018-13440 and CVE-2018-17095.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-3058a87e60"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected 1:audiofile package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:1:audiofile");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC29", reference:"audiofile-0.3.6-21.fc29", epoch:"1")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "1:audiofile");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-879.NASL
    descriptionThis update for audiofile fixes the following issues : - CVE-2018-17095: A heap-based buffer overflow in Expand3To4Module::run could occurred when running sfconvert leading to crashes or code execution when handling untrusted soundfiles (bsc#1111586). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id123363
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123363
    titleopenSUSE Security Update : audiofile (openSUSE-2019-879)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-879.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123363);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/27");
    
      script_cve_id("CVE-2018-17095");
    
      script_name(english:"openSUSE Security Update : audiofile (openSUSE-2019-879)");
      script_summary(english:"Check for the openSUSE-2019-879 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for audiofile fixes the following issues :
    
      - CVE-2018-17095: A heap-based buffer overflow in
        Expand3To4Module::run could occurred when running
        sfconvert leading to crashes or code execution when
        handling untrusted soundfiles (bsc#1111586).
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111586"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected audiofile packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:audiofile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:audiofile-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:audiofile-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:audiofile-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:audiofile-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libaudiofile1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libaudiofile1-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libaudiofile1-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libaudiofile1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"audiofile-0.3.6-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"audiofile-debuginfo-0.3.6-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"audiofile-debugsource-0.3.6-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"audiofile-devel-0.3.6-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libaudiofile1-0.3.6-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libaudiofile1-debuginfo-0.3.6-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"audiofile-devel-32bit-0.3.6-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libaudiofile1-32bit-0.3.6-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libaudiofile1-32bit-debuginfo-0.3.6-lp150.2.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "audiofile / audiofile-debuginfo / audiofile-debugsource / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1375.NASL
    descriptionThis update for audiofile fixes the following issues : - CVE-2018-17095: A heap-based buffer overflow in Expand3To4Module::run could occurred when running sfconvert leading to crashes or code execution when handling untrusted soundfiles (bsc#1111586). This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2018-11-11
    plugin id118873
    published2018-11-11
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118873
    titleopenSUSE Security Update : audiofile (openSUSE-2018-1375)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2018-1375.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118873);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-17095");
    
      script_name(english:"openSUSE Security Update : audiofile (openSUSE-2018-1375)");
      script_summary(english:"Check for the openSUSE-2018-1375 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for audiofile fixes the following issues :
    
      - CVE-2018-17095: A heap-based buffer overflow in
        Expand3To4Module::run could occurred when running
        sfconvert leading to crashes or code execution when
        handling untrusted soundfiles (bsc#1111586).
    
    This update was imported from the SUSE:SLE-12:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111586"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected audiofile packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:audiofile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:audiofile-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:audiofile-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:audiofile-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:audiofile-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libaudiofile1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libaudiofile1-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libaudiofile1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libaudiofile1-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.3", reference:"audiofile-0.3.6-13.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"audiofile-debuginfo-0.3.6-13.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"audiofile-debugsource-0.3.6-13.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"audiofile-devel-0.3.6-13.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libaudiofile1-0.3.6-13.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libaudiofile1-debuginfo-0.3.6-13.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"audiofile-devel-32bit-0.3.6-13.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libaudiofile1-32bit-0.3.6-13.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libaudiofile1-debuginfo-32bit-0.3.6-13.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "audiofile / audiofile-debuginfo / audiofile-debugsource / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3588-2.NASL
    descriptionThis update for audiofile fixes the following issues : CVE-2018-17095: A heap-based buffer overflow in Expand3To4Module::run could occurred when running sfconvert leading to crashes or code execution when handling untrusted soundfiles (bsc#1111586). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-30
    modified2018-12-11
    plugin id119572
    published2018-12-11
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119572
    titleSUSE SLED12 / SLES12 Security Update : audiofile (SUSE-SU-2018:3588-2)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-41626FA774.NASL
    descriptionFixes for CVE-2018-13440 and CVE-2018-17095. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120377
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120377
    titleFedora 28 : 1:audiofile (2018-41626fa774)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-B967B5592E.NASL
    descriptionFixes for CVE-2018-13440 and CVE-2018-17095. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-10-18
    plugin id118181
    published2018-10-18
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118181
    titleFedora 27 : 1:audiofile (2018-b967b5592e)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3506-1.NASL
    descriptionThis update for audiofile fixes the following issues : CVE-2018-17095: A heap-based buffer overflow in Expand3To4Module::run could occurred when running sfconvert leading to crashes or code execution when handling untrusted soundfiles (bsc#1111586). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-01-02
    plugin id120149
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120149
    titleSUSE SLED15 / SLES15 Security Update : audiofile (SUSE-SU-2018:3506-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1325.NASL
    descriptionThis update for audiofile fixes the following issues : - CVE-2018-17095: A heap-based buffer overflow in Expand3To4Module::run could occurred when running sfconvert leading to crashes or code execution when handling untrusted soundfiles (bsc#1111586). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-05
    modified2018-10-29
    plugin id118488
    published2018-10-29
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118488
    titleopenSUSE Security Update : audiofile (openSUSE-2018-1325)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3800-1.NASL
    descriptionIt was discovered that audiofile incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-13440) It was discovered that audiofile incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-17095). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118392
    published2018-10-25
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118392
    titleUbuntu 14.04 LTS : audiofile vulnerabilities (USN-3800-1)