{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-50950", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-10-23T15:42:25.146Z", "dateReserved": "2025-06-16T00:00:00.000Z", "datePublished": "2025-10-23T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-10-23T15:23:53.891Z"}, "descriptions": [{"lang": "en", "value": "Audiofile v0.3.7 was discovered to contain a NULL pointer dereference via the ModuleState::setup function."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/mpruett/audiofile/issues/66"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-476", "lang": "en", "description": "CWE-476 NULL Pointer Dereference"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-10-23T15:41:32.184894Z", "id": "CVE-2025-50950", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-23T15:42:25.146Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-50950", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-23T15:41:32.184894Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-23T15:42:20.114Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/mpruett/audiofile/issues/66"}], "descriptions": [{"lang": "en", "value": "Audiofile v0.3.7 was discovered to contain a NULL pointer dereference via the ModuleState::setup function."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-10-23T15:23:53.891Z"}}}, "cveMetadata": {"cveId": "CVE-2025-50950", "state": "PUBLISHED", "dateUpdated": "2025-10-23T15:42:25.146Z", "dateReserved": "2025-06-16T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-10-23T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "53FD2035-64CA-46C3-A2B1-2DAB615868C0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Audiofile v0.3.7 was discovered to contain a NULL pointer dereference via the ModuleState::setup function."}], "id": "CVE-2025-50950", "lastModified": "2025-10-28T16:22:53.463", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-10-23T16:16:30.500", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://github.com/mpruett/audiofile/issues/66"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "audiofile: NULL pointer dereference in the ModuleState::setup function", "id": "2406048", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406048"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["Audiofile v0.3.7 was discovered to contain a NULL pointer dereference via the ModuleState::setup function.", "A flaw was found in the Audiofile library. Processing a specially crafted input file can trigger a NULL pointer dereference, causing a crash to the application linked to the library and resulting in a denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-50950", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "audiofile", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "audiofile", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2025-10-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-50950\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-50950\nhttps://github.com/mpruett/audiofile/issues/66"], "statement": "To exploit this issue, an attacker needs to be able to process a specially crafted input file with the application linked to the Audiofile library. Additionally, the only security impact of this vulnerability is a denial of service. Due to these reasons, this flaw has been rated with a moderate severity.", "threat_severity": "Moderate"}

{"created": "2025-10-24T10:16:54.857417+00:00", "updated": "2025-10-24T10:16:54.857463+00:00", "vendors": ["audiofile", "audiofile$PRODUCT$audiofile"]}