CVE-2017-15185

描述

plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_clear function with uninitialized data upon detection of invalid input, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

受影響套件(1)

• Debian/mp3spltfrom 0, < 2.6.2+20170630-2

CVSS 分數

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2017-15185