CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-7604

au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 65.8%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 6.8

References

https://blogs.gentoo.org/ago/2017/04/01/libaacplus-signed-integer-overflow-left-shift-and-assertion-failure/
https://security.gentoo.org/glsa/202209-13
https://blogs.gentoo.org/ago/2017/04/01/libaacplus-signed-integer-overflow-left-shift-and-assertion-failure/
https://security.gentoo.org/glsa/202209-13

Products affected by CVE-2017-7604

Libaacplus Project » Libaacplus » Version: 2.0.2

cpe:2.3:a:libaacplus_project:libaacplus:2.0.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-7604

Products

Pricing

Contact Us