4.7
CVE-2017-8372
- EPSS 2.03%
- Veröffentlicht 01.05.2017 01:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted audio file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Underbit ≫ Mad Libmad Version0.15.1b
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.03% | 0.786 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.7 | 1 | 3.6 |
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 2.6 | 4.9 | 2.9 |
AV:N/AC:H/Au:N/C:N/I:N/A:P
|
CWE-617 Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/
https://lists.debian.org/debian-lts-announce/2018/05/msg00011.html
https://www.debian.org/security/2018/dsa-4192