Veracode Vulnerability DatabaseVERACODE:44353Heap Buffer Overflow
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
12.7%
libaudiofile.so is vulnerable to Heap Buffer Overflow. The vulnerability is due to a missing validation for a variable numCoefficients for the lower and upper bound value within libaudiofile/WAVE.cpp. An attacker can crash the application by exploiting this vulnerability by using a crafted wav file resulting in a Denial Of Service (DOS) by triggering the executable sfconvert.
| CPE | Name | Operator | Version |
|---|---|---|---|
| libaudiofile.so | le | 1.0.0-0.3.6-36.el8.s390x.debug | |
| libaudiofile.so | le | 1.0.0-0.3.6-36.el8.s390x.debug |
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
12.7%