Vulnerability Description
plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_clear function with uninitialized data upon detection of invalid input, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libmp3Splt Project | Libmp3Splt | 0.9.2 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2017/Jul/82 (Mailing List, Not Applicable, Third Party Advisory)
- https://anonscm.debian.org/cgit/users/ron/mp3splt.git/commit/?id=18f018cd774cb93 (Not Applicable, Third Party Advisory)
- https://lists.debian.org/debian-lts/2017/09/msg00115.html (Third Party Advisory)
- https://www.exploit-db.com/exploits/42399/ (Not Applicable, Third Party Advisory, VDB Entry)
FAQ
What is CVE-2017-15185?
CVE-2017-15185 is a vulnerability with a CVSS score of 5.0 (MEDIUM). plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_clear function with uninitialized data upon detection of invalid input, which allows remote attackers to cause a denial of service (a...
How severe is CVE-2017-15185?
CVE-2017-15185 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-15185?
Check the references section above for vendor advisories and patch information. Affected products include: Libmp3Splt Project Libmp3Splt.