mpruett audiofile
Moderate fix1 remedy
cpe:2.3:a:audiofile:audiofile:*:*:*:*:*:*:*
Moderate fix1 remedy
- >= 0.3.7, < 0.3.8
Audiofile NULL Pointer Dereference Vulnerability in ModuleState::setup Function
Vulnerability
A NULL pointer dereference vulnerability has been identified in Audiofile version 0.3.7. The issue arises in the ModuleState::setup function, where a NULL pointer is accessed, leading to a runtime error. This vulnerability can be exploited to cause a denial-of-service condition by crashing the application.
Impact
Exploitation of this vulnerability leads to a segmentation fault, causing the application to crash. This behavior is indicative of a denial-of-service condition.
Reproduction
The vulnerability can be reproduced by compiling Audiofile with AddressSanitizer enabled, using AFL (American Fuzzy Lop) as the compiler. After compiling and installing the application, the 'sfconvert' command can be used to process a crafted file that triggers the NULL pointer dereference. The AddressSanitizer will report the runtime error, indicating that a member was accessed through a NULL pointer, which caused a segmentation fault.
Remediation
Users are advised to update to the patched version available in the GitHub repository.
Added: Oct 23, 2025, 4:18 PM
Updated: Oct 23, 2025, 4:18 PM
Vulnerability Rating
Custom Algorithm
spread
0.0impact
2.5exploitability
6.0remediation
7.7relevance
0.8threat
6.4urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.