VulnerableCode Package Details - pkg:pypi/aubio@0.4.3a1

Search for packages

Vulnerability	Summary	Fixed by
VCID-7kh4-36ar-vqdc Aliases: CVE-2018-19802 GHSA-c6jq-h4jp-72pr PYSEC-2019-164	aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference.	0.4.9 Affected by 0 other vulnerabilities.
VCID-b3wr-n1xr-qqdc Aliases: CVE-2017-17054 GHSA-vcwx-8mqh-2557 PYSEC-2017-75	In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when playing a crafted audio file.	0.4.7 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-bgwj-p1y1-mycb Aliases: CVE-2018-19800 GHSA-grmf-4fq6-2r79 PYSEC-2019-162	aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo.	0.4.9 Affected by 0 other vulnerabilities.
VCID-dzqc-z43a-x3ax Aliases: CVE-2018-14523 GHSA-3x58-8qmv-wqw5 PYSEC-2018-63	An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes.	0.4.7 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-k5dk-dngq-3ycy Aliases: CVE-2018-19801 GHSA-7vvr-h4p5-m7fh PYSEC-2019-163	aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters.	0.4.9 Affected by 0 other vulnerabilities.
VCID-rjun-r6sr-dqfa Aliases: CVE-2017-17554 GHSA-45h5-cqqw-9rjw PYSEC-2017-76	A NULL pointer dereference (DoS) Vulnerability was found in the function aubio_source_avcodec_readframe in io/source_avcodec.c of aubio 0.4.6, which may lead to DoS when playing a crafted audio file.	0.4.7 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-tjwq-k1wm-ybdg Aliases: CVE-2018-14521 GHSA-rcv6-7hmv-fj7h PYSEC-2018-61	An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_source_avcodec_readframe in io/source_avcodec.c, as demonstrated by aubiomfcc.	0.4.7 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-w9yc-7p9j-pycd Aliases: CVE-2017-17555 PYSEC-2017-77	The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.	0.4.7 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-xbc2-r4ma-w7hs Aliases: CVE-2018-14522 GHSA-g7g8-mx45-x4c8 PYSEC-2018-62	An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.	0.4.7 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-7kh4-36ar-vqdc
Aliases:
CVE-2018-19802
GHSA-c6jq-h4jp-72pr
PYSEC-2019-164

aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference.

0.4.9
Affected by 0 other vulnerabilities.

VCID-b3wr-n1xr-qqdc
Aliases:
CVE-2017-17054
GHSA-vcwx-8mqh-2557
PYSEC-2017-75

In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when playing a crafted audio file.