CVE-2017-11552

{"id": "CVE-2017-11552", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2017-08-01T13:29:00.187", "references": [{"url": "http://seclists.org/fulldisclosure/2017/Jul/94", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870406", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/42409/", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use with libmad 0.15.1b, which allows remote attackers to cause a denial of service (memory corruption seen in a crash in the mad_decoder_run function in decoder.c in libmad) via a crafted MP3 file."}, {"lang": "es", "value": "mpg321.c en mpg321 0.3.2-1 no gestiona correctamente la memoria para emplear con libmad 0.15.1b. Esto permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria vista en un cierre inesperado en la funci\u00f3n mad_decoder_run en decoder.c en libmad) mediante un archivo MP3 manipulado."}], "lastModified": "2018-01-09T02:29:05.363", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:underbit:mad_libmad:0.15.1b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "077DFA99-A61D-4FDA-BAB2-BE680A798DE4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}