Description
A flaw was found in miniaudio. An attacker can exploit a heap out-of-bounds read vulnerability in the WAV BEXT metadata parser by processing a specially crafted WAV file. This vulnerability, caused by improper null-termination handling in the coding history field, allows for out-of-bounds reads past the allocated metadata pool. Successful exploitation can lead to application crashes or a denial of service.
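The bug class described above, shown from the defensive side as an added example; this is not miniaudio's code. It assumes the EBU Tech 3285 BEXT layout, where 602 bytes of fixed fields precede the variable-length coding history, and the names `bounded_len` and `bext_copy_coding_history` are hypothetical.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Bytes of fixed BEXT fields before CodingHistory. Assumption of this
   example (EBU Tech 3285 layout); the value is not taken from the page. */
#define BEXT_FIXED_SIZE 602u

/* Bounded replacement for strlen(): never reads past buf[max - 1]. */
static size_t bounded_len(const unsigned char *buf, size_t max)
{
    const unsigned char *nul = memchr(buf, 0, max);
    return nul ? (size_t)(nul - buf) : max;
}

/*
 * Copy the coding history out of a BEXT chunk payload into a fresh heap
 * string that is always NUL-terminated. Returns NULL if the chunk is
 * shorter than the fixed fields or if allocation fails. On success,
 * *out_len (if non-NULL) receives the string length.
 *
 * The unsafe pattern this replaces is strlen()/strcpy() applied directly
 * to chunk + BEXT_FIXED_SIZE: when the file omits the terminator, the
 * read continues past the end of the buffer holding the metadata.
 */
char *bext_copy_coding_history(const unsigned char *chunk, size_t chunk_size,
                               size_t *out_len)
{
    if (chunk == NULL || chunk_size < BEXT_FIXED_SIZE)
        return NULL;

    const unsigned char *field = chunk + BEXT_FIXED_SIZE;
    size_t avail = chunk_size - BEXT_FIXED_SIZE;   /* bytes the file really has */
    size_t len = bounded_len(field, avail);        /* stops at NUL or at avail  */

    char *s = malloc(len + 1);                     /* +1: we add the terminator */
    if (s == NULL)
        return NULL;
    memcpy(s, field, len);
    s[len] = '\0';
    if (out_len != NULL)
        *out_len = len;
    return s;
}
```

The length comes from the chunk size declared in the file, clamped by the parser, and the terminator is written by the parser rather than trusted from the input.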
Report
This MODERATE vulnerability affects miniaudio and imhex in Red Hat Community Projects. A heap out-of-bounds read in the WAV BEXT parser is triggered by processing crafted WAV files. Exploitation requires user interaction to open the malicious file (UI:R) and local access. Impact is limited to availability through application crashes.
Additional information
Status:
5.5 Medium
CVSS3
Related vulnerabilities
miniaudio version 0.11.25 and earlier contain a heap out-of-bounds read vulnerability in the WAV BEXT metadata parser that allows attackers to trigger memory access violations by processing crafted WAV files. Attackers can exploit improper null-termination handling in the coding history field to cause out-of-bounds reads past the allocated metadata pool, resulting in application crashes or denial of service.