CVE-2016-2540

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-2540
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2540.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-2540
Downstream
Published
2018-02-07T17:29:00Z
Modified
2025-09-05T05:59:59.563578Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted FORMATCHUNK structure.

References

Affected packages

Debian:11 / audacity

Package

Name
audacity
Purl
pkg:deb/debian/audacity?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.2-1

Ecosystem specific 

{
    "urgency": "unimportant"
}

Debian:12 / audacity

Package

Name
audacity
Purl
pkg:deb/debian/audacity?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.2-1

Ecosystem specific 

{
    "urgency": "unimportant"
}

Debian:13 / audacity

Package

Name
audacity
Purl
pkg:deb/debian/audacity?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.2-1

Ecosystem specific 

{
    "urgency": "unimportant"
}

Debian:14 / audacity

Package

Name
audacity
Purl
pkg:deb/debian/audacity?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.2-1

Ecosystem specific 

{
    "urgency": "unimportant"
}

Git / github.com/audacity/audacity

Affected ranges

Type
GIT
Repo
https://github.com/audacity/audacity
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
53b8fd534e2051a992f5a3db35feb02b8e516fa0

Affected versions

Audacity-1.*

Audacity-1.3.12
Audacity-1.3.13
Audacity-1.3.14
Audacity-1.3.15

Audacity-2.*

Audacity-2.0.0
Audacity-2.0.1
Audacity-2.0.2
Audacity-2.0.3
Audacity-2.0.4
Audacity-2.0.5
Audacity-2.0.6
Audacity-2.1.0
Audacity-2.1.1

Database specific 

{
    "vanir_signatures": [
        {
            "id": "CVE-2016-2540-518b30c1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "66864588947979753484225749660263159203",
                    "267987750409292518280316596967873861509",
                    "11202172672454491329816081171567493709",
                    "115795955333616436983341194630885713759",
                    "254059627534711714374801358871806589395",
                    "202260647511678443568586201882322637156"
                ]
            },
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "src/ViewInfo.cpp"
            },
            "source": "https://github.com/audacity/audacity/commit/53b8fd534e2051a992f5a3db35feb02b8e516fa0",
            "deprecated": false
        },
        {
            "id": "CVE-2016-2540-7fd33770",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "38399647438157856831809089895972873921",
                    "228096807239596364983888216631011599933",
                    "314857515575042533231178717339280927061",
                    "315310807940520099516996115758888315983",
                    "88759457098864477622206839694474646103",
                    "228161729867802652376416023962417280369",
                    "83616748671819158051436165844294323091",
                    "5871137730356298193096649149970739113",
                    "167702642452076325727583795174263460522",
                    "7556371000701191095287994382590672588",
                    "308538708546675427086624936098229719848",
                    "211107071068749770187730401962487347671",
                    "197639651603026078509229707447547955153",
                    "42484582116663894539100206822463444234",
                    "300611510128631336159152611204694431406",
                    "153312063652465889078841423862306168127",
                    "167891495649134609487019187049795998634",
                    "24718313641207123188331133858906875488",
                    "215370593398757933198569397815959560698"
                ]
            },
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "src/TrackArtist.cpp"
            },
            "source": "https://github.com/audacity/audacity/commit/53b8fd534e2051a992f5a3db35feb02b8e516fa0",
            "deprecated": false
        },
        {
            "id": "CVE-2016-2540-e7c7cf2f",
            "digest": {
                "length": 137.0,
                "function_hash": "1611930867571478740505099216951801919"
            },
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "function": "ZoomInfo::TimeToPosition",
                "file": "src/ViewInfo.cpp"
            },
            "source": "https://github.com/audacity/audacity/commit/53b8fd534e2051a992f5a3db35feb02b8e516fa0",
            "deprecated": false
        }
    ]
}