CVE-2017-18207
MEDIUM
Python < 3.6.4 - Denial of Service via Crafted WAV File Channel Value
Title source: llm
Description
The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted WAV format audio file. NOTE: the vendor disputes this issue because Python applications "need to be prepared to handle a wide variety of exceptions."
References (2)
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugs.python.org/issue32056
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
Scores
CVSS v3: 6.5
EPSS: 0.0047
EPSS Percentile: 65.1%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE: CWE-369
Status: published
Products (1): python/python < 3.6.4
Published: Mar 01, 2018
Tracked Since: Feb 18, 2026