CVE-2017-15185

Name of the Vulnerable Software and Affected Versions Libmp3splt version 0.9.2

Description The issue allows remote attackers to cause a denial of service, resulting in an application crash, by providing a crafted file containing invalid input. This is due to the vorbis block clear function from the libvorbis library being called with uninitialized data in the plugins/ogg.c file of Libmp3splt.

Recommendations For Libmp3splt version 0.9.2, as a temporary workaround, consider avoiding the use of crafted files that may trigger the denial of service until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.