Synopsis: Moderate: audiofile security update Advisory ID: SLSA-2020:3877-1 Issue Date: 2020-10-01 CVE Numbers: None -- Security Fix(es): * audiofile: Heap-based buffer overflow in Expand3To4Module::run() when running sfconvert (CVE-2018-17095) * audiofile: NULL pointer dereference in ModuleState::setup() in modules/ModuleState.cpp allows for denial of service via crafted file (CVE-2018-13440) -- SL7 x86_64 audiofile-0.3.6-9.el7.i686.rpm audiofile-0.3.6-9.el7.x86_64.rpm audiofile-debuginfo-0.3.6-9.el7.i686.rpm audiofile-debuginfo-0.3.6-9.el7.x86_64.rpm audiofile-devel-0.3.6-9.el7.i686.rpm audiofile-devel-0.3.6-9.el7.x86_64.rpm - Scientific Linux Development Team