exploitDog

CVE-2017-7604

Опубликовано: 09 апр. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.

Ссылки

https://blogs.gentoo.org/ago/2017/04/01/libaacplus-signed-integer-overflow-left-shift-and-assertion-failure/
Exploit
Third Party Advisory
https://security.gentoo.org/glsa/202209-13
Third Party Advisory
https://blogs.gentoo.org/ago/2017/04/01/libaacplus-signed-integer-overflow-left-shift-and-assertion-failure/
Exploit
Third Party Advisory
https://security.gentoo.org/glsa/202209-13
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:libaacplus_project:libaacplus:2.0.2:*:*:*:*:*:*:*

EPSS

Процентиль: 43%

0.00208

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-76x4-fmxg-fr2x

CVSS3: 7.8

github

больше 3 лет назад

au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.

EPSS

Процентиль: 43%

0.00208

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-20