{"id":"MGASA-2015-0408","summary":"Updated audiofile packages fixes security vulnerability","details":"When libaudiofile is used to change both the number of channels of an\naudio file (e.g. from stereo to mono) and the sample format (e.g. from\n16-bit samples to 8-bit samples), the output file will contain corrupted\ndata.\tIf the new sample format is smaller than the old one, there is a\nrisk of buffer overflow: e.g. when the input file has 16-bit samples and\nthe output file has 8-bit samples, afReadFrames will treat the buffer to\nread the samples (argument void *data) as a pointer to int16_t instead of\nint8_t, therefore it will write past its end (CVE-2015-7747).\n","modified":"2026-04-16T01:47:44.464474765Z","published":"2015-10-25T14:38:05Z","upstream":["CVE-2015-7747"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0408.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=16923"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2015/10/08/1"}],"affected":[{"package":{"name":"audiofile","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/audiofile?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.3.6-4.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0408.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}