PT-2020-9985 · Unknown · Bass Audio Library

Published

2020-10-16

Updated

2020-10-27

CVE-2019-18795

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: BASS Audio Library version 2.4.14

Description: The issue is related to an out of bounds read vulnerability via a crafted .wav file, specifically through the BASS StreamCreateFile function. This can be exploited by an attacker to gain access to sensitive information, potentially aiding in further attacks. A failed exploitation attempt may result in a denial of service.

Recommendations: For version 2.4.14, consider restricting the use of the BASS StreamCreateFile function until a patch is available to prevent potential exploitation. Additionally, avoid using crafted .wav files to minimize the risk of triggering this issue.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2019-18795

Affected Products

Bass Audio Library

PT-2020-9985 · Unknown · Bass Audio Library

CVE-2019-18795

Weakness Enumeration

Related Identifiers

Affected Products

References · 4