Vulnerabilities found in Audacity 2.3.3

We are using Windows 10 for development. I am trying to get internal approval to use the latest version of Audacity 2.3.3 for some internal training development and found multiple security vulnerabilities in the file: wxmsw311u_core_vc_custom.dll.

My options are to delete the “wxmsw311u_core_vc_custom.dll” file and recompile from source without it, or get an updated file that contains the necessary features from libtiff 4.1.0. (Deleting the wxmsw311u_core_vc_custom.dll library to remove the tiff vulnerability and then recompiling the remaining source code from scratch may have unintended consequences for our use.)

The “wxmsw311u_core_vc_custom.dll” library apparently contains the contents (some or all) of libtiff 4.0.9, in which static code scanning has identified 20 vulnerabilities, 10 of which are 7.5 or higher as reported in the NVDB. Are you planning to release an update to Audacity that adds the latest “libtiff 4.1.0”, which is the latest stable release for use by the tiff development team?

I did scan libtiff 4.1.0 and only found one currently unscored Apple-related vulnerability as verified by a manual check in NIST Vulnerability DB. I would appreciate any updates or thoughts.
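One way to confirm which libtiff release is compiled into a binary such as the DLL named in the post above, as an added example that is not part of the original thread or of Audacity or wxWidgets code: it searches the raw bytes for the version banner libtiff embeds and compares it with the 4.1.0 release the post mentions. The function names and the sample byte strings are constructed for illustration.

```python
import re
import sys

# libtiff compiles this banner into every build (TIFFLIB_VERSION_STR in tiffvers.h),
# so it survives static linking into a host DLL.
LIBTIFF_BANNER = re.compile(rb"LIBTIFF, Version (\d+)\.(\d+)\.(\d+)")
MIN_VERSION = (4, 1, 0)  # release the post proposes moving to


def embedded_libtiff_versions(data: bytes):
    """Return every distinct libtiff version banner found in the raw bytes, sorted."""
    return sorted({tuple(int(g) for g in m.groups())
                   for m in LIBTIFF_BANNER.finditer(data)})


def audit(data: bytes, minimum=MIN_VERSION):
    """Classify a binary as 'not-found', 'outdated' or 'current' for embedded libtiff."""
    versions = embedded_libtiff_versions(data)
    if not versions:
        # No banner is not proof of absence: strings can be stripped or altered.
        return "not-found", versions
    # Any copy below the minimum makes the whole binary outdated.
    status = "outdated" if min(versions) < minimum else "current"
    return status, versions


def fmt(version):
    """Render a version tuple such as (4, 0, 9) as '4.0.9'."""
    return ".".join(str(n) for n in version)


# Constructed sample bytes standing in for a DLL; not taken from a real file.
SAMPLE_OLD = (b"MZ\x90\x00" + b"\x00" * 32 +
              b"LIBTIFF, Version 4.0.9\nCopyright (c) 1988-1996 Sam Leffler\x00")
SAMPLE_NEW = b"\x00\x01LIBTIFF, Version 4.1.0\n\x00"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = SAMPLE_OLD
    status, versions = audit(blob)
    print(status, [fmt(v) for v in versions])
```

The banner identifies only the upstream base version that was compiled in; it does not show whether individual fixes were backported into that copy.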

Perhaps you should take up the matter with wxWidgets as it is one of their DLLs:

I provided the solution that wxWidgets developed, which is the next version, 4.1.0.

If you wish to discuss the security risk and your proposed fix with the Audacity developers, their email list is here: