Bug 1079994 - (CVE-2016-2540) VUL-1: CVE-2016-2540: Audacity: Versions before 2.1.2 allow remote attackers to cause a denial of service (memory corruption and application crash) via a crafted FORMATCHUNK structure.
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Version: Leap 42.3
Hardware: Other Other
Priority: P5 - None
Severity: Normal
Assigned To: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/199634/
Reported: 2018-02-08 07:58 UTC by Karol Babioch
Modified: 2018-02-08 07:58 UTC
Found By: Security Response Team


Description Karol Babioch 2018-02-08 07:58:08 UTC
CVE-2016-2540

Audacity before 2.1.2 allows remote attackers to cause a denial of service
(memory corruption and application crash) via a crafted FORMATCHUNK structure.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2540
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2540.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2540
https://fortiguard.com/zeroday/FG-VD-15-116
http://wiki.audacityteam.org/wiki/Release_Notes_2.1.2
Comment 1 Karol Babioch 2018-02-08 07:58:38 UTC
Already fixed for Leap 42.3 and openSUSE:Factory, since we ship newer versions.