Audacity 2.1.2 through 2.3.2 is vulnerable to Dll HIjacking in the avformat-55.dll resulting arbitrary code execution. References: https://github.com/GitHubAssessments/CVE_Assessments_10_2019 https://packetstormsecurity.com/files/140365/Audacity-2.1.2-DLL-Hijacking.html
The referenced disclosure thread seems to suggest that only the Windows version of Audacity is susceptible to this - so is this really an actionable CVE for the Linux packages? (yes, I realize I need to update the package anyway to get to the recent version - but upstream politics has annoyed me recently so I haven't had the bandwidth to do that yet). Basically my question is this: what is the attack surface on the Linux package for this?