CVE-2022-24599

Published: Feb 24, 2022Modified: Nov 3, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data.

Affected (5)

Products: Audiofile: Audiofile · Debian: Debian Linux · Fedoraproject: Fedora

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Audiofile Audiofile	Version 0.3.6

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Fedoraproject Fedora	Version 37
Fedoraproject Fedora	Version 38
Fedoraproject Fedora	Version 39

Related CWEs

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (11)

https://github.com/mpruett/audiofile/issues/60

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/11/msg00006.html

Source: cve@mitre.org

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4JXZ6QAMA3TSRY6GUZRY3WTHR7P5TPH/

Source: cve@mitre.org

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTETOUJNRR75REYJZTBGF6TAJZYTMXUY/

Source: cve@mitre.org

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZPG27YKICLIWUFOPVUOAFAZGOX4BNHY/

Source: cve@mitre.org

Mailing List

https://github.com/mpruett/audiofile/issues/60

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/11/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

https://lists.debian.org/debian-lts-announce/2025/07/msg00020.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4JXZ6QAMA3TSRY6GUZRY3WTHR7P5TPH/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTETOUJNRR75REYJZTBGF6TAJZYTMXUY/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZPG27YKICLIWUFOPVUOAFAZGOX4BNHY/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

Timeline

No history available yet.