CVE-2018-1000223 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Soundtouch
Severity
8.8HIGHNVD
OSV5.5
EPSS
0.7%
top 27.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 20
Latest updateMay 14
Description
soundtouch version up to and including 2.0.0 contains a Buffer Overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() that can result in arbitrary code execution. This attack appear to be exploitable via victim must open maliocius file in soundstretch utility.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages4 packages
🔴Vulnerability Details
3📋Vendor Advisories
3💬Community
3Bugzilla▶
CVE-2018-1000223 soundtouch: Heap-based buffer overflow in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() potentially leading to code execution [epel-6]↗2018-07-27
Bugzilla▶
CVE-2018-1000223 soundtouch: Heap-based buffer overflow in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() potentially leading to code execution [fedora-all]↗2018-07-27
Bugzilla▶
CVE-2018-1000223 soundtouch: Heap-based buffer overflow in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() potentially leading to code execution↗2018-07-27