PT-2017-11930 · Divfix++ · Divfix++
Qflb.Wu
·
Published
2017-07-31
·
Updated
2017-08-12
·
CVE-2017-11330
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
DivFix++ version 0.34
Description
The issue allows remote attackers to cause a denial of service, resulting in an invalid memory write and application crash, via a crafted avi file. This is due to a problem in the DivFixppCore::avi header fix function in DivFix++Core.cpp.
Recommendations
For DivFix++ version 0.34, consider avoiding the use of crafted avi files until a patch is available. As a temporary workaround, restrict the processing of avi files to minimize the risk of exploitation.
Exploit
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Divfix++