PT-2017-3721 · Mad · Libmad

Agostino Sarubbo · Published 2017-04-30 · Updated 2018-05-20 · CVE-2017-8374

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Libmad version 0.15.1b
Description: The issue is in the mad_bit_skip function in the bit.c file of the Libmad MPEG audio decoder, which can cause a heap-based buffer over-read and application crash when processing a specially crafted audio file. This can allow a remote attacker to cause a denial of service.
Recommendations: For Libmad version 0.15.1b, consider avoiding the use of the mad_bit_skip function until a patch is available. As a temporary workaround, restrict the processing of audio files from untrusted sources to minimize the risk of exploitation.

Exploit

Fix

DoS

Out of bounds Read


Weakness Enumeration

Related identifiers

BDU:2018-01490
CVE-2017-8374
DLA-1380-1
DSA-4192-1
MGASA-2018-0019
OPENSUSE-SU-2018:0527-1
OPENSUSE-SU-2018:0528-1
OPENSUSE-SU-2024:10954-1

Affected products

Libmad