CVE-2017-15185
MEDIUM5.0EPSS 0.20%Published: 10/9/2017Modified: 4/28/2026
Description
plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_clear function with uninitialized data upon detection of invalid input, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
Affected packages (1)
- Debian/mp3spltfrom 0, < 2.6.2+20170630-2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.0 | CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H |