{"id":"CVE-2016-2541","details":"Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP2 file.","modified":"2026-04-11T15:16:11.900643Z","published":"2018-02-07T17:29:00.310Z","references":[{"type":"ADVISORY","url":"http://wiki.audacityteam.org/wiki/Release_Notes_2.1.2"},{"type":"ADVISORY","url":"https://fortiguard.com/zeroday/FG-VD-15-118"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/audacity/audacity","events":[{"introduced":"0"},{"fixed":"53b8fd534e2051a992f5a3db35feb02b8e516fa0"}],"database_specific":{"cpe":"cpe:2.3:a:audacityteam:audacity:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"2.1.2"}],"source":"CPE_FIELD"}}],"versions":["Audacity-1.3.12","Audacity-1.3.13","Audacity-1.3.14","Audacity-1.3.15","Audacity-2.0.0","Audacity-2.0.1","Audacity-2.0.2","Audacity-2.0.3","Audacity-2.0.4","Audacity-2.0.5","Audacity-2.0.6","Audacity-2.1.0"],"database_specific":{"vanir_signatures_modified":"2026-04-11T15:16:11Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2541.json","vanir_signatures":[{"id":"CVE-2016-2541-518b30c1","target":{"file":"src/ViewInfo.cpp"},"source":"https://github.com/audacity/audacity/commit/53b8fd534e2051a992f5a3db35feb02b8e516fa0","signature_version":"v1","deprecated":false,"digest":{"line_hashes":["66864588947979753484225749660263159203","267987750409292518280316596967873861509","11202172672454491329816081171567493709","115795955333616436983341194630885713759","254059627534711714374801358871806589395","202260647511678443568586201882322637156"],"threshold":0.9},"signature_type":"Line"},{"id":"CVE-2016-2541-7fd33770","target":{"file":"src/TrackArtist.cpp"},"source":"https://github.com/audacity/audacity/commit/53b8fd534e2051a992f5a3db35feb02b8e516fa0","signature_version":"v1","deprecated":false,"digest":{"line_hashes":["38399647438157856831809089895972873921","228096807239596364983888216631011599933","314857515575042533231178717339280927061","315310807940520099516996115758888315983","88759457098864477622206839694474646103","228161729867802652376416023962417280369","83616748671819158051436165844294323091","5871137730356298193096649149970739113","167702642452076325727583795174263460522","7556371000701191095287994382590672588","308538708546675427086624936098229719848","211107071068749770187730401962487347671","197639651603026078509229707447547955153","42484582116663894539100206822463444234","300611510128631336159152611204694431406","153312063652465889078841423862306168127","167891495649134609487019187049795998634","24718313641207123188331133858906875488","215370593398757933198569397815959560698"],"threshold":0.9},"signature_type":"Line"},{"id":"CVE-2016-2541-e7c7cf2f","target":{"file":"src/ViewInfo.cpp","function":"ZoomInfo::TimeToPosition"},"source":"https://github.com/audacity/audacity/commit/53b8fd534e2051a992f5a3db35feb02b8e516fa0","signature_version":"v1","deprecated":false,"digest":{"length":137,"function_hash":"1611930867571478740505099216951801919"},"signature_type":"Function"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}