Test ID:	1.3.6.1.4.1.25623.1.0.131103
Category:	Mageia Linux Local Security Checks
Title:	Mageia Linux Local Check: mgasa-2015-0408
Summary:	Mageia Linux Local Security Checks mgasa-2015-0408
Description:	Summary: Mageia Linux Local Security Checks mgasa-2015-0408 Vulnerability Insight: When libaudiofile is used to change both the number of channels of an audio file (e.g. from stereo to mono) and the sample format (e.g. from 16-bit samples to 8-bit samples), the output file will contain corrupted data. If the new sample format is smaller than the old one, there is a risk of buffer overflow: e.g. when the input file has 16-bit samples and the output file has 8-bit samples, afReadFrames will treat the buffer to read the samples (argument void *data) as a pointer to int16_t instead of int8_t, therefore it will write past its end (CVE-2015-7747). Solution: Update the affected packages to the latest available version. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-7747 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170387.html http://www.openwall.com/lists/oss-security/2015/10/06/2 http://www.ubuntu.com/usn/USN-2787-1 https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721 https://github.com/ccrisan/motioneyeos/blob/master/package/audiofile/0008-CVE-2015-7747.patch https://www.openwall.com/lists/oss-security/2015/10/08/1
Copyright	Copyright (C) 2015 Eero Volotinen

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.