Candidate: CVE-2017-15185
PublicDate: 2017-10-09 05:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15185
 http://seclists.org/fulldisclosure/2017/Jul/82
 https://anonscm.debian.org/cgit/users/ron/mp3splt.git/commit/?id=18f018cd774cb931116ce06a520dc0c5f9443932
 https://lists.debian.org/debian-lts/2017/09/msg00115.html
 https://www.exploit-db.com/exploits/42399/
Description:
 plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_clear
 function with uninitialized data upon detection of invalid input, which
 allows remote attackers to cause a denial of service (application crash)
 via a crafted file.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H [5.0 MEDIUM]


Patches_libmp3splt:
 debian: https://salsa.debian.org/ron/mp3splt/commit/18f018cd774cb931116ce06a520dc0c5f9443932
upstream_libmp3splt: needed
precise/esm_libmp3splt: DNE
trusty_libmp3splt: ignored (reached end-of-life)
trusty/esm_libmp3splt: DNE (trusty was needed)
vivid/ubuntu-core_libmp3splt: DNE
xenial_libmp3splt: ignored (end of standard support, was needed)
zesty_libmp3splt: ignored (reached end-of-life)
artful_libmp3splt: ignored (reached end-of-life)
bionic_libmp3splt: DNE
cosmic_libmp3splt: DNE
disco_libmp3splt: DNE
eoan_libmp3splt: DNE
focal_libmp3splt: DNE
groovy_libmp3splt: DNE
hirsute_libmp3splt: DNE
impish_libmp3splt: DNE
jammy_libmp3splt: DNE
devel_libmp3splt: DNE