Releases56
Frequency2 years 3 months
Last Release
Audacity is free, open source, cross-platform software for recording and editing sounds. ## Features - Record live audio. - Convert tapes and records into digital recordings or CDs. - Edit Ogg Vorbis, MP3, WAV or AIFF sound files. - Cut, copy, splice or mix sounds together. - Change the speed or pitch of a recording. - Add new effects with LADSPA plug-ins. - And more! See [full list of features](https://www.audacityteam.org/about/features). ## Notes **If the package is out of date please check [Version History](#versionhistory) for the latest submitted version. If you have a question, please ask it in [Chocolatey Community Package Discussions](https://github.com/chocolatey-community/chocolatey-packages/discussions) or raise an issue on the [Chocolatey Community Packages Repository](https://github.com/chocolatey-community/chocolatey-packages/issues) if you have problems with the package. Disqus comments will generally not be responded to.**

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
<= 2.3.33.3 LOW2.1 LOW

Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there.

< 2.1.24.3 MEDIUM

Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted FORMATCHUNK structure.

< 2.1.24.3 MEDIUM

Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP2 file.

>= 2.1.2, <= 2.3.27.8 HIGH6.8 MEDIUM

Audacity 2.1.2 through 2.3.2 is vulnerable to Dll HIjacking in the avformat-55.dll resulting arbitrary code execution.

< 1.3.69.3 HIGH

Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .gro file containing a long string.

= 1.3.25 MEDIUM

Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack.