Lucene search

GoogleOSV:PYSEC-2017-75

HistoryNov 29, 2017 - 7:29 a.m.

PYSEC-2017-75

2017-11-2907:29:00

Google

osv.dev

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

21.2%

JSON

In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when playing a crafted audio file.

CPENameOperatorVersion
aubioeq0.4.6
aubioeq0.4.3.post1
aubioeq0.4.5
aubioeq0.4.3
aubioeq0.4.3a2
aubioeq0.4.4
aubioeq0.4.3a1

Name	Operator	Version
aubio	eq	0.4.6
aubio	eq	0.4.3.post1
aubio	eq	0.4.5
aubio	eq	0.4.3
aubio	eq	0.4.3a2
aubio	eq	0.4.4
aubio	eq	0.4.3a1

References

github.com/aubio/aubio/issues/148

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

21.2%

JSON

Related for OSV:PYSEC-2017-75