CVE-2017-11126

Опубликовано: 10 июл. 2017

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Низкий

Описание

The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type != 2" case, a similar issue to CVE-2017-9870.

Ссылки

http://openwall.com/lists/oss-security/2017/07/10/4
Mailing List
Patch
Third Party Advisory
https://blogs.gentoo.org/ago/2017/07/03/mpg123-global-buffer-overflow-in-iii_i_stereo-layer3-c/
Patch
Third Party Advisory
VDB Entry
http://openwall.com/lists/oss-security/2017/07/10/4
Mailing List
Patch
Third Party Advisory
https://blogs.gentoo.org/ago/2017/07/03/mpg123-global-buffer-overflow-in-iii_i_stereo-layer3-c/
Patch
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mpg123:mpg123:*:*:*:*:*:*:*:*

Версия до 1.25.1 (включая)

EPSS

Процентиль: 73%

0.00783

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2017-11126

CVSS3: 5.5

ubuntu

больше 8 лет назад

CVE-2017-11126

CVSS3: 5.5

debian

больше 8 лет назад

The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25 ...

GHSA-mfqq-9fqv-736q

CVSS3: 5.5

github

больше 3 лет назад

EPSS

Процентиль: 73%

0.00783

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125