CVE-2017-15953

Published: 28/10/2017 Updated: 04/02/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow and crash when processing a malformed CUE (.cue) file.

Vulnerable Product

debian debian linux 8.0

bchunk project bchunk 1.2.1

bchunk project bchunk 1.2.0

Vendor Advisories

Debian Bug report logs - #880116 CVE-2017-15953 / CVE-2017-15954 / CVE-2017-15955 Package: bchunk; Maintainer for bchunk is Praveen Arimbrathodiyil <pravia@gmail.com>; Source for bchunk is src:bchunk; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Sun, 29 Oct 2017 17:30:02 UTC Severity: ...
Wen Bin discovered that bchunk, an application that converts a CD image in bin/cue format into a set of iso and cdr/wav tracks files, did not properly check its input. This would allow malicious users to crash the application or potentially execute arbitrary code. For the oldstable distribution (jessie), these problems have been fixed in version 1 ...
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow and crash when processing a malformed CUE (.cue) file ...