Описание
[REJECTED CVE] A vulnerability was identified in the mp3splt package where an uninitialized structure with garbage values could be passed to libvorbis after an error was triggered on a malformed file. An attacker could exploit this by crafting a specially designed audio file that causes the application to crash instead of exiting cleanly. This issue was determined to have minimal security impact and the CVE has been rejected by MITRE.
Отчет
Note: CVE-2017-11735 was originally reported as a libvorbis issue but later confirmed to affect mp3splt. The vulnerability was determined to be a low-impact crash (caused by uninitialized memory) and not a true security flaw. As a result, the CVE entry was rejected by MITRE. No action is required for our products. https://lists.debian.org/debian-lts/2017/09/msg00115.html
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | libvorbis | Not affected | ||
| Red Hat Enterprise Linux 6 | libvorbis | Not affected | ||
| Red Hat Enterprise Linux 7 | libvorbis | Not affected |
Показывать по
Дополнительная информация
3.3 Low
CVSS3
Связанные уязвимости
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in the originally named product. Notes: none
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in the originally named product. Notes: none
3.3 Low
CVSS3