Lucene search

[email protected]NVD:CVE-2017-14408

HistorySep 13, 2017 - 3:29 a.m.

CVE-2017-14408

2017-09-1303:29:00

CWE-125

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

53.8%

JSON

A stack-based buffer over-read was discovered in dct36 in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service.

Affected configurations

Nvd

Node

mp3gainmp3gainMatch1.5.2

VendorProductVersionCPE
mp3gainmp3gain1.5.2cpe:2.3:a:mp3gain:mp3gain:1.5.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mp3gain	mp3gain	1.5.2	cpe:2.3:a:mp3gain:mp3gain:1.5.2:::::::*

References

blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-dct36-mpglibdbllayer3-c/

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

53.8%

JSON

Related for NVD:CVE-2017-14408

prion1 cvelist1 cve1 ubuntucve1 debiancve1 mageia1 openvas1