ID CVE-2017-11550
Summary The id3_ucs4_length function in ucs4.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (NULL Pointer Dereference and application crash) via a crafted mp3 file.
References
Vulnerable Configurations
  • cpe:2.3:a:libid3tag_project:libid3tag:0.15.1b:*:*:*:*:*:*:*
    cpe:2.3:a:libid3tag_project:libid3tag:0.15.1b:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 02-08-2017 - 18:20)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
misc http://seclists.org/fulldisclosure/2017/Jul/85
Last major update 02-08-2017 - 18:20
Published 31-07-2017 - 13:29
Last modified 02-08-2017 - 18:20
Back to Top