Lucene search

[email protected]CVE-2017-6834

HistoryMar 20, 2017 - 4:59 p.m.

CVE-2017-6834

2017-03-2016:59:02

CWE-119

[email protected]

web.nvd.nist.gov

154

cve-2017-6834

audio file library

g711.cpp

buffer overflow

denial of service

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.5 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.6%

JSON

Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.

Affected configurations

NVD

Node

audiofileaudiofileMatch0.2.7

audiofileaudiofileMatch0.3.0

audiofileaudiofileMatch0.3.1

audiofileaudiofileMatch0.3.2

audiofileaudiofileMatch0.3.3

audiofileaudiofileMatch0.3.4

audiofileaudiofileMatch0.3.5

audiofileaudiofileMatch0.3.6

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

CPENameOperatorVersion
audiofile:audiofileaudiofileeq0.2.7
audiofile:audiofileaudiofileeq0.3.0
audiofile:audiofileaudiofileeq0.3.1
audiofile:audiofileaudiofileeq0.3.2
audiofile:audiofileaudiofileeq0.3.3
audiofile:audiofileaudiofileeq0.3.4
audiofile:audiofileaudiofileeq0.3.5
audiofile:audiofileaudiofileeq0.3.6

CPE	Name	Operator	Version
audiofile:audiofile	audiofile	eq	0.2.7
audiofile:audiofile	audiofile	eq	0.3.0
audiofile:audiofile	audiofile	eq	0.3.1
audiofile:audiofile	audiofile	eq	0.3.2
audiofile:audiofile	audiofile	eq	0.3.3
audiofile:audiofile	audiofile	eq	0.3.4
audiofile:audiofile	audiofile	eq	0.3.5
audiofile:audiofile	audiofile	eq	0.3.6