CVE-2018-1000223

Description

soundtouch version up to and including 2.0.0 contains a Buffer Overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() that can result in arbitrary code execution. This attack appear to be exploitable via victim must open maliocius file in soundstretch utility.

Risk Information

Base Score

8.8

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

1.057

Associated Vulnerability

Vulnerability	OS Platform
SUSE-SU-2018:3070-1(SUSE Linux Enterprise Desktop 12-SP3 ) libSoundTouch0-1.7.1-5.3.1.x86_64.rpm	Linux
SUSE-SU-2018:3070-1(SUSE Linux Enterprise Desktop 12-SP3 ) libSoundTouch0-32bit-1.7.1-5.3.1.x86_64.rpm	Linux
SUSE-SU-2018:3070-1(SUSE Linux Enterprise Desktop 12-SP3 ) libSoundTouch0-debuginfo-1.7.1-5.3.1.x86_64.rpm	Linux
SUSE-SU-2018:3070-1(SUSE Linux Enterprise Desktop 12-SP3 ) libSoundTouch0-debuginfo-32bit-1.7.1-5.3.1.x86_64.rpm	Linux
SUSE-SU-2018:3070-1(SUSE Linux Enterprise Desktop 12-SP3 ) soundtouch-1.7.1-5.3.1.x86_64.rpm	Linux
SUSE-SU-2018:3070-1(SUSE Linux Enterprise Desktop 12-SP3 ) soundtouch-debuginfo-1.7.1-5.3.1.x86_64.rpm	Linux
SUSE-SU-2018:3070-1(SUSE Linux Enterprise Desktop 12-SP3 ) soundtouch-debugsource-1.7.1-5.3.1.x86_64.rpm	Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234