nvd-json-data-feeds/CVE-2017/CVE-2017-144xx/CVE-2017-14408.json

{
  "id": "CVE-2017-14408",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2017-09-13T03:29:00.463",
  "lastModified": "2017-09-18T13:57:58.677",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "A stack-based buffer over-read was discovered in dct36 in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service."
    },
    {
      "lang": "es",
      "value": "Existe una sobrelectura de b\u00fafer basada en pila en dct36 en layer3.c en mpglibDBL, como en el caso de la versi\u00f3n 1.5.2 de MP3Gain. Esta vulnerabilidad provoca el cierre inesperado de la aplicaci\u00f3n, lo que puede dar lugar a una denegaci\u00f3n de servicio remota."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mp3gain:mp3gain:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "195E1AA2-59CA-4CE2-B3DC-1BF97C2A4E54"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-dct36-mpglibdbllayer3-c/",
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
}
bootstrap 2023-04-24 12:24:31 +02:00			`{`
			`"id": "CVE-2017-14408",`
			`"sourceIdentifier": "cve@mitre.org",`
			`"published": "2017-09-13T03:29:00.463",`
			`"lastModified": "2017-09-18T13:57:58.677",`
			`"vulnStatus": "Analyzed",`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "A stack-based buffer over-read was discovered in dct36 in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service."`
			`},`
			`{`
			`"lang": "es",`
			`"value": "Existe una sobrelectura de b\u00fafer basada en pila en dct36 en layer3.c en mpglibDBL, como en el caso de la versi\u00f3n 1.5.2 de MP3Gain. Esta vulnerabilidad provoca el cierre inesperado de la aplicaci\u00f3n, lo que puede dar lugar a una denegaci\u00f3n de servicio remota."`
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV30": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.0",`
			`"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",`
			`"attackVector": "LOCAL",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "REQUIRED",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "NONE",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 5.5,`
			`"baseSeverity": "MEDIUM"`
			`},`
			`"exploitabilityScore": 1.8,`
			`"impactScore": 3.6`
			`}`
			`],`
			`"cvssMetricV2": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "2.0",`
			`"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",`
			`"accessVector": "NETWORK",`
			`"accessComplexity": "MEDIUM",`
			`"authentication": "NONE",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "NONE",`
			`"availabilityImpact": "PARTIAL",`
			`"baseScore": 4.3`
			`},`
			`"baseSeverity": "MEDIUM",`
			`"exploitabilityScore": 8.6,`
			`"impactScore": 2.9,`
			`"acInsufInfo": false,`
			`"obtainAllPrivilege": false,`
			`"obtainUserPrivilege": false,`
			`"obtainOtherPrivilege": false,`
			`"userInteractionRequired": true`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-125"`
			`}`
			`]`
			`}`
			`],`
			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:mp3gain:mp3gain:1.5.2:::::::*",`
			`"matchCriteriaId": "195E1AA2-59CA-4CE2-B3DC-1BF97C2A4E54"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-dct36-mpglibdbllayer3-c/",`
			`"source": "cve@mitre.org",`
			`"tags": [`
			`"Third Party Advisory"`
			`]`
			`}`
			`]`
			`}`