Lucene search

MitreCVE-2017-14412

HistorySep 13, 2017 - 3:29 a.m.

CVE-2017-14412

2017-09-1303:29:00

CWE-787

mitre

web.nvd.nist.gov

cve-2017-14412

invalid memory write

copy_mp

interface.c

mpglibdbl

denial of service

segmentation fault

application crash

vulnerability

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

26.4%

JSON

An invalid memory write was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a denial of service (segmentation fault and application crash) or possibly unspecified other impact.

Affected configurations

Nvd

Node

mp3gainmp3gainMatch1.5.2

VendorProductVersionCPE
mp3gainmp3gain1.5.2cpe:2.3:a:mp3gain:mp3gain:1.5.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mp3gain	mp3gain	1.5.2	cpe:2.3:a:mp3gain:mp3gain:1.5.2:::::::*

References

blogs.gentoo.org/ago/2017/09/08/mp3gain-invalid-memory-write-in-copy_mp-mpglibdblinterface-c/

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

26.4%

JSON

Related for CVE-2017-14412