In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data; however, it doesn't use zero bytes to truncate the data. https://github.com/mpruett/audiofile/issues/60
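The missing terminator described in the report, shown as an added C example beside a corrected copy; this is not the audiofile source. The function names and the sample chunk bytes are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: a length-delimited copyright chunk as it might sit
   in a file, with no trailing zero byte. Names here are hypothetical. */
static const unsigned char SAMPLE_CHUNK[] = { '(', 'c', ')', ' ', '2', '0', '2', '2' };

/* Pattern from the report: the buffer is exactly chunk-sized, so nothing
   guarantees a terminator and "%s" would read past the allocation. */
static char *copy_chunk_unterminated(const unsigned char *src, size_t n)
{
    char *buf = malloc(n);
    if (buf != NULL)
        memcpy(buf, src, n);
    return buf;
}

/* Corrected copy: one extra byte, always set to zero. */
static char *copy_chunk_terminated(const unsigned char *src, size_t n)
{
    if (n == SIZE_MAX) return NULL;          /* n + 1 would wrap to 0 */
    char *buf = malloc(n + 1);
    if (buf == NULL) return NULL;
    memcpy(buf, src, n);
    buf[n] = '\0';
    return buf;
}

/* 1 if a zero byte lies within the first cap bytes, i.e. safe for "%s". */
static int is_c_string(const char *buf, size_t cap)
{
    return buf != NULL && memchr(buf, '\0', cap) != NULL;
}

int main(void)
{
    size_t n = sizeof SAMPLE_CHUNK;
    char *bad = copy_chunk_unterminated(SAMPLE_CHUNK, n);
    char *good = copy_chunk_terminated(SAMPLE_CHUNK, n);
    if (bad == NULL || good == NULL) return 1;
    printf("unterminated copy safe for %%s: %d\n", is_c_string(bad, n));
    printf("bounded print of it: %.*s\n", (int)n, bad);  /* never reads past n */
    printf("terminated copy: %s\n", good);
    free(bad);
    free(good);
    return 0;
}
```

Building with `-fsanitize=address` and printing the unterminated copy with plain `%s` is a quick way to confirm whether a given build still has the over-read.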
Created audiofile tracking bugs for this issue: Affects: epel-8 [bug 2058373]
Created audiofile tracking bugs for this issue: Affects: fedora-34 [bug 2058374] Affects: fedora-35 [bug 2058375]
Created audiofile tracking bugs for this issue: Affects: fedora-34 [bug 2058376] Affects: fedora-35 [bug 2058377]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-24599