CVE-2015-7747: 
CBL Mariner vulnerability analysis and mitigation

CVE-2015-7747 is a buffer overflow vulnerability discovered in the afReadFrames function in audiofile (also known as libaudiofile and Audio File Library). The vulnerability was discovered by Fabrizio Gennari and disclosed in October 2015. The issue affects audiofile versions prior to 0.3.6 and impacts multiple Linux distributions including Ubuntu, Fedora, and Debian (NVD, Ubuntu Notice).

The vulnerability occurs when libaudiofile is used to change both the number of channels of an audio file (e.g., from stereo to mono) and the sample format (e.g., from 16-bit samples to 8-bit samples) simultaneously. When the new sample format is smaller than the old one, afReadFrames incorrectly treats the buffer pointer as a pointer to int16_t instead of int8_t, leading to a buffer overflow condition. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

If exploited, this vulnerability could allow user-assisted remote attackers to cause a denial of service (program crash) or potentially execute arbitrary code via a specially crafted audio file. The vulnerability is particularly concerning as it can be triggered through normal file processing operations (Ubuntu Notice, NVD).

The vulnerability has been patched in multiple Linux distributions. Ubuntu released security updates for versions 12.04 LTS (libaudiofile1 0.3.3-2ubuntu0.1), 14.04 LTS (libaudiofile1 0.3.6-2ubuntu0.14.04.1), 15.04 (libaudiofile1 0.3.6-2ubuntu0.15.04.1), and 15.10 (libaudiofile1 0.3.6-2ubuntu0.15.10.1). Users are advised to update their systems to the patched versions (Ubuntu Notice).