CVE-2017-12779

Опубликовано: 10 нояб. 2017

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

The Node_GetData function in corec/corec/node/node.c in mkvalidator 0.5.1 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.

Ссылки

http://packetstormsecurity.com/files/144902/mkvalidator-0.5.1-Denial-Of-Service.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2017/Nov/19
Mailing List
Third Party Advisory
https://github.com/Matroska-Org/foundation-source/issues/24
Issue Tracking
http://packetstormsecurity.com/files/144902/mkvalidator-0.5.1-Denial-Of-Service.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2017/Nov/19
Mailing List
Third Party Advisory
https://github.com/Matroska-Org/foundation-source/issues/24
Issue Tracking

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:matroska:mkvalidator:0.5.1:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00464

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-476

Связанные уязвимости

GHSA-hfhw-h84g-5f8p