Debian 9990 Published by

An audiofile security update has been released for Debian GNU/Linux 10 LTS to address two security issues.

[SECURITY] [DLA 3650-1] audiofile security update

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3650-1 Bastien Roucariès
November 12, 2023
- -------------------------------------------------------------------------

Package : audiofile
Version : 0.3.6-5+deb10u1
CVE ID : CVE-2019-13147 CVE-2022-24599
Debian Bug : 931343 1008017

The audiofile library allows the processing of audio data to and
from audio files of many common formats (currently AIFF, AIFF-C,
WAVE, NeXT/Sun, BICS, and raw data).


Audiofile was vulnerable due to an integer overflow.
Bail out early if NeXT audio files include too many channels.


A memory leak was found due to reading not null
terminated copyright field. Preallocate zeroed memory and
always NUL terminates C strings.

For Debian 10 buster, these problems have been fixed in version

We recommend that you upgrade your audiofile packages.

For the detailed security status of audiofile please refer to
its security tracker page at:

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: