Lucene search

[email protected]CVE-2019-9767

HistoryMar 14, 2019 - 9:29 a.m.

CVE-2019-9767

2019-03-1409:29:00

CWE-787

[email protected]

web.nvd.nist.gov

cve-2019-9767

stack-based buffer overflow

free mp3 cd ripper

remote execution

.wma file

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.04 Low

EPSS

Percentile

92.1%

JSON

Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wma file.

Affected configurations

NVD

Node

cleanersoftfree_mp3_cd_ripperMatch2.6

CPENameOperatorVersion
cleanersoft:free_mp3_cd_rippercleanersoft free mp3 cd rippereq2.6

CPE	Name	Operator	Version
cleanersoft:free_mp3_cd_ripper	cleanersoft free mp3 cd ripper	eq	2.6

References

packetstormsecurity.com/files/160157/Free-MP3-CD-Ripper-2.8-Buffer-Overflow.html

packetstormsecurity.com/files/149371/Free-MP3-CD-Ripper-2.6-Local-Buffer-Overflow.html

www.exploit-db.com/exploits/45412

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.04 Low

EPSS

Percentile

92.1%

JSON

Related for CVE-2019-9767

cvelist1 nvd1 prion1 packetstorm1