ID CVE-2017-15955
Summary bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an "Access violation near NULL on destination operand" and crash when processing a malformed CUE (.cue) file.
References
Vulnerable Configurations
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • cpe:2.3:a:bchunk_project:bchunk:1.2.0
    cpe:2.3:a:bchunk_project:bchunk:1.2.0
  • cpe:2.3:a:bchunk_project:bchunk:1.2.1
    cpe:2.3:a:bchunk_project:bchunk:1.2.1
CVSS
Base: 4.3
Impact:
Exploitability:
CWE CWE-476
CAPEC
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1158.NASL
    description Several vulnerabilities were discovered in bchunk, a tool to convert a CD image in .bin/.cue format into a set of .iso and .cdr/.wav tracks. It was possible to trigger a heap-based buffer overflow with a resultant invalid free when processing a malformed CUE (.cue) file that may lead to the execution of arbitrary code or an application crash. For Debian 7 'Wheezy', these problems have been fixed in version 1.2.0-12+deb7u1. We recommend that you upgrade your bchunk packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-07-06
    plugin id 104364
    published 2017-11-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104364
    title Debian DLA-1158-1 : bchunk security update
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_279F682C0E9E11E883E7485B3931C969.NASL
    description Mitre reports: bchunk 1.2.0 and 1.2.1 is vulnerable to an 'Access violation near NULL on destination operand' and crash when processing a malformed CUE (.cue) file.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 106811
    published 2018-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106811
    title FreeBSD : bchunk -- access violation near NULL on destination operand and crash (279f682c-0e9e-11e8-83e7-485b3931c969)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4026.NASL
    description Wen Bin discovered that bchunk, an application that converts a CD image in bin/cue format into a set of iso and cdr/wav track files, did not properly check its input. This would allow malicious users to crash the application or potentially execute arbitrary code.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 104482
    published 2017-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104482
    title Debian DSA-4026-1 : bchunk - security update
refmap via4
confirm https://github.com/hessu/bchunk/issues/2
debian DSA-4026
misc https://github.com/extramaster/bchunk/issues/4
mlist [debian-lts-announce] 20171102 [SECURITY] [DLA 1158-1] bchunk security update
Last major update 28-10-2017 - 17:29
Published 28-10-2017 - 17:29
Last modified 03-02-2018 - 21:29