Candidate: CVE-2017-17554
PublicDate: 2017-12-12 01:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17554
 https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20%20aubio_source_avcodec_readframe%20of%20aubio.md
Description:
 A NULL pointer dereference (DoS) Vulnerability was found in the function
 aubio_source_avcodec_readframe in io/source_avcodec.c of aubio 0.4.6, which
 may lead to DoS when playing a crafted audio file.
Ubuntu-Description:
Notes:
 debian> Vulnerability introduced in 0.4.3
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884237
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]


Patches_aubio:
 upstream: https://github.com/aubio/aubio/commit/a81b12a3b4174953b3bc7ef4c37103f4d5636740
upstream_aubio: released (0.4.6-1)
precise/esm_aubio: DNE
trusty_aubio: ignored (reached end-of-life)
trusty/esm_aubio: DNE (trusty was needs-triage)
xenial_aubio: ignored (end of standard support, was needed)
zesty_aubio: ignored (reached end-of-life)
artful_aubio: ignored (reached end-of-life)
bionic_aubio: needed
cosmic_aubio: ignored (reached end-of-life)
disco_aubio: not-affected (0.4.6-2)
eoan_aubio: not-affected (0.4.6-2)
focal_aubio: not-affected (0.4.6-2)
groovy_aubio: not-affected (0.4.6-2)
hirsute_aubio: not-affected (0.4.6-2)
impish_aubio: not-affected (0.4.6-2)
jammy_aubio: not-affected (0.4.6-2)
devel_aubio: not-affected (0.4.6-2)