8.8

CVE-2018-17095

Exploit
An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AudiofileAudiofile Version0.3.0
AudiofileAudiofile Version0.3.1
AudiofileAudiofile Version0.3.2
AudiofileAudiofile Version0.3.3
AudiofileAudiofile Version0.3.4
AudiofileAudiofile Version0.3.5
AudiofileAudiofile Version0.3.6
CanonicalUbuntu Linux Version14.04 SwEditionesm
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.65% 0.906
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://usn.ubuntu.com/3800-1/
Patch
Vendor Advisory
https://github.com/mpruett/audiofile/issues/50
Third Party Advisory
Exploit
Issue Tracking
https://github.com/mpruett/audiofile/issues/51
Third Party Advisory
Exploit
Issue Tracking