Base Score

HIGH7.5

CVE-2018-19801

aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters.

VectorNETWORK

Published Bycve@mitre.org

Published DateJun 07, 2019, 17:29

Affected Versions(1)

aubio(PyPI)

Introduced0.4.0

Fixed0.4.9

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
aubio(PyPI)	0.4.0	0.4.9	N/A

Weakness Type (CWE):CWE-476

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html
https://github.com/aubio/aubio/blob/0.4.9/ChangeLog
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/

Base Score

HIGH7.5

Weakness Type (CWE):CWE-476

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH