Ubuntu.comUB:CVE-2018-1000050CVE-2018-1000050
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
70.5%
Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Overflow
vulnerability in All vorbis decoding paths. that can result in memory
corruption, denial of service, comprised execution of host program. This
attack appear to be exploitable via Victim must open a specially crafted
Ogg Vorbis file. This vulnerability appears to have been fixed in 1.13.
References
github.com/nothings/stb/commit/244d83bc3d859293f55812d48b3db168e581f6ab
github.com/nothings/stb/commit/dfff6f5e7cd412876fe6282f157c1928b99d1de9
launchpad.net/bugs/cve/CVE-2018-1000050
nvd.nist.gov/vuln/detail/CVE-2018-1000050
security-tracker.debian.org/tracker/CVE-2018-1000050
www.cve.org/CVERecord?id=CVE-2018-1000050
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
70.5%