CVE-2024-33431

MEDIUM

Stsaz Phiola - Denial of Service

Title source: rule

Description

An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a remote attacker to cause a denial of service via a crafted .wav file.

References (7)

[Exploit] https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/flowPointException-1.assets/image-20240420004701828.png

[Exploit] https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/flowPointException-1.md

[Exploit] https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/poc/I0I72U~G

[Exploit] https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/flowPointException-1

[Exploit] https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/flowPointException-1/poc

[Product] https://github.com/stsaz/phiola/

View Writeup ZIP pw:eip

[Exploit, Issue Tracking, Vendor Advisory] https://github.com/stsaz/phiola/issues/27

Scores

CVSS v3 6.5

EPSS 0.0133

EPSS Percentile 80.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-670

Status published

Products (1)

stsaz/phiola 2.0 rc22

Published May 01, 2024

Tracked Since Feb 18, 2026