exploitDog

CVE-2019-18796

Опубликовано: 16 окт. 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 7.1

EPSS Низкий

Описание

The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Denial of Service vulnerability (infinite loop) via a crafted .mp3 file. This weakness could allow attackers to consume excessive CPU and the application becomes unresponsive.

Ссылки

http://www.un4seen.com/
Vendor Advisory
https://github.com/staufnic/CVE/tree/master/CVE-2019-18796
Third Party Advisory
http://www.un4seen.com/
Vendor Advisory
https://github.com/staufnic/CVE/tree/master/CVE-2019-18796
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:un4seen:bass:*:*:*:*:*:windows:*:*

Версия до 2.4.14.1 (включая)

EPSS

Процентиль: 53%

0.00299

Низкий

6.5 Medium

CVSS3

7.1 High

CVSS2

Дефекты

CWE-835

Связанные уязвимости

GHSA-ph5g-xqg4-3v7h

github

больше 3 лет назад

The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Denial of Service vulnerability (infinite loop) via a crafted .mp3 file. This weakness could allow attackers to consume excessive CPU and the application becomes unresponsive.

EPSS

Процентиль: 53%

0.00299

Низкий

6.5 Medium

CVSS3

7.1 High

CVSS2

Дефекты

CWE-835