{"id":"MGASA-2019-0016","summary":"Updated aubio packages fix security vulnerabilities","details":"NULL pointer dereference in the function aubio_source_avcodec_readframe\nwhich may lead to DoS when playing a crafted audio file (CVE-2017-17554).\n\nA crash in aubio_pitch_set_unit (CVE-2018-14522).\n\nA buffer overrread resulting in crash or information leakage in\nnew_aubio_pitchyinfft (CVE-2018-14523).\n","modified":"2026-02-01T11:00:39.837414Z","published":"2019-01-06T16:41:22Z","related":["CVE-2017-17554","CVE-2018-14522","CVE-2018-14523"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0016.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23211"},{"type":"REPORT","url":"https://lists.opensuse.org/opensuse-updates/2018-08/msg00089.html"}],"affected":[{"package":{"name":"aubio","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/aubio?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.4.2-2.2.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0016.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}