MitreCVE-2024-33428CVE-2024-33428
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
15.5%
Buffer-Overflow vulnerability at conv.c:68 of stsaz phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file.
References
github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-1/heap-buffer-overflow-1.assets/image-20240420005017430.png
github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-1/heap-buffer-overflow-1.md
github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-1/poc
github.com/Helson-S/FuzzyTesting/tree/master/phiola/heap-buffer-overflow-1
github.com/stsaz/phiola/issues/29
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
15.5%