Id:
CVE-2017-15018
Comment
:
LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and 3.98 have a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c.
CVSSv2 Score:
4.3
Access vector:
|
NETWORK
|
Access complexity:
|
MEDIUM
|
Authentication:
|
NONE
|
Confidentiality impact:
|
NONE
|
Integrity impact:
|
NONE
|
Availability impact:
|
PARTIAL
|
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
|
LOCAL
|
Attack complexity:
|
LOW
|
Privileges required:
|
NONE
|
User interaction:
|
REQUIRED
|
Scope:
|
UNCHANGED
|
Confidentiality impact:
|
NONE
|
Integrity impact:
|
NONE
|
Availability impact:
|
HIGH
|
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References: