CVE-2017-15185

MEDIUM

Libmp3splt - Improper Input Validation

Title source: rule

Description

plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_clear function with uninitialized data upon detection of invalid input, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

Exploits (1)

exploitdb WORKING POC

by qflb.wu · textdoslinux

https://www.exploit-db.com/exploits/42399

View Code ZIP pw:eip

References (4)

Core 4

Core References

Mailing List, Not Applicable, Third Party Advisory x_refsource_misc

http://seclists.org/fulldisclosure/2017/Jul/82

Not Applicable, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/42399/

Third Party Advisory x_refsource_misc

https://lists.debian.org/debian-lts/2017/09/msg00115.html

Not Applicable, Third Party Advisory x_refsource_misc

https://anonscm.debian.org/cgit/users/ron/mp3splt.git/commit/?id=18f018cd774cb931116ce06a520dc0c5f9443932

Scores

CVSS v3 5.0

EPSS 0.0020

EPSS Percentile 41.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-20

Status published

Products (1)

libmp3splt_project/libmp3splt 0.9.2

Published Oct 09, 2017

Tracked Since Feb 18, 2026