CVE-2024-32944

Summary

Path traversal vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product installs a crafted UTAU voicebank installer (.uar file, .zip file) to UTAU, an arbitrary file may be placed.

Affected Software

VendorProductVersion RangeStatus
ameya/ayameUTAUprior to v0.4.19affected

Weaknesses

  • Path traversal

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References