CVE-2019-13147

In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
VendorProductVersion
audiofileaudiofile
0.3.6
debiandebian_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
audiofile
bookworm
no-dsa
bullseye
ignored
stretch
no-dsa
jessie
postponed
sid
0.3.6-7
fixed
trixie
0.3.6-7
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
audiofile
noble
deferred
mantic
Fixed 0.3.6-5+deb10u1build0.23.10.1
released
lunar
Fixed 0.3.6-5+deb10u1build0.23.04.1
released
kinetic
ignored
jammy
Fixed 0.3.6-5+deb10u1build0.22.04.1
released
impish
ignored
hirsute
ignored
groovy
ignored
focal
Fixed 0.3.6-5+deb10u1build0.20.04.1
released
eoan
ignored
disco
ignored
cosmic
ignored
bionic
Fixed 0.3.6-4ubuntu0.1~esm1
released
xenial
Fixed 0.3.6-2ubuntu0.16.04.1+esm1
released
trusty
Fixed 0.3.6-2ubuntu0.14.04.3+esm1
released
Common Weakness Enumeration
References
https://github.com/mpruett/audiofile/issues/54
https://lists.debian.org/debian-lts-announce/2023/11/msg00006.html
https://github.com/mpruett/audiofile/issues/54
https://lists.debian.org/debian-lts-announce/2023/11/msg00006.html
https://lists.debian.org/debian-lts-announce/2025/07/msg00020.html