Vulnerability Details CVE-2003-0075
Integer signedness error in the myFseek function of samplein.c for Blade encoder (BladeEnc) 0.94.2 and earlier allows remote attackers to execute arbitrary code via a negative offset value following a "fmt" wave chunk.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.036
EPSS Ranking 87.4%
CVSS Severity
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=104428700106672&w=2
- http://marc.info/?l=bugtraq&m=104446346127432&w=2
- http://www.iss.net/security_center/static/11227.php
- http://www.pivx.com/luigi/adv/blade942-adv.txt
- http://www.securityfocus.com/bid/6745
- http://marc.info/?l=bugtraq&m=104428700106672&w=2
- http://marc.info/?l=bugtraq&m=104446346127432&w=2
- http://www.iss.net/security_center/static/11227.php
- http://www.pivx.com/luigi/adv/blade942-adv.txt
- http://www.securityfocus.com/bid/6745
Products affected by CVE-2003-0075
-
cpe:2.3:a:bladeenc:bladeenc:0.92.7
-
cpe:2.3:a:bladeenc:bladeenc:0.93.10
-
cpe:2.3:a:bladeenc:bladeenc:0.94.0
-
cpe:2.3:a:bladeenc:bladeenc:0.94.1
-
cpe:2.3:a:bladeenc:bladeenc:0.94.2