PT-2017-12096 · Mpg321+1 · Mpg321+1

Qflb.Wu

Publicado

2017-08-01

Atualizado

2019-02-14

CVE-2017-11552

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions mpg321 version 0.3.2-1

Description The issue is related to improper memory management in mpg321 when used with libmad, which can be exploited by remote attackers using a crafted MP3 file. This can cause a denial of service due to memory corruption, leading to a crash in the mad decoder run function in libmad's decoder.c.

Recommendations For mpg321 version 0.3.2-1, consider updating to a newer version that properly manages memory for use with libmad to prevent memory corruption and denial of service attacks.

Exploit

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CVE-2017-11552

MGASA-2019-0078

Produtos afetados

Libmad

Mpg321

PT-2017-12096 · Mpg321+1 · Mpg321+1

CVE-2017-11552

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 16