CVE-2018-13440

Published Jul 8, 2018

Last updated 8 months ago

CVSS medium 6.5

Overview

Description
The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert.
Source
cve@mitre.org
NVD status
Modified
Products
audiofile, ubuntu_linux

Risk scores

CVSS 3.0

Type
Primary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Severity
MEDIUM

CVSS 2.0

Type
Primary
Base score
4.3
Impact score
2.9
Exploitability score
8.6
Vector string
AV:N/AC:M/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov
CWE-476

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Audiofile v0.3.7 was discovered to contain a NULL pointer dereference via the ModuleState::setup function.CVE-2025-50950
  2. Sudo Inclusion of Functionality from Untrusted Control Sphere VulnerabilityCVE-2025-32463
  3. Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).CVE-2025-5054
  4. In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user.CVE-2023-5616
  5. A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.CVE-2025-26466

References

Sources include official advisories and independent security research.