Stack-based buffer overflow in the JetMPG.ax module in jetAudio 8.0.17 allows remote attackers to execute arbitrary code via a crafted MPEG2-TS video file, related to the MPEG2 transport stream.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jetaudio | jetaudio | 8.0.17 |
JetMPAd.ax in JetAudio 8.1.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jetaudio | jetaudio | 8.0.4 |
| jetaudio | jetaudio | 8.0 |
| jetaudio | jetaudio | 8.0.7.1000 |
| jetaudio | jetaudio | 8.1.0 |
| jetaudio | jetaudio | 8.0.7 |
| jetaudio | jetaudio | 8.0.9 |
| jetaudio | jetaudio | 8.0.10 |
| jetaudio | jetaudio | 8.0.17 |
| jetaudio | jetaudio | 8.0.11 |
| jetaudio | jetaudio | 8.0.1 |
| jetaudio | jetaudio | 8.0.5 |
| jetaudio | jetaudio | 8.0.8 |
| jetaudio | jetaudio | 8.0.6 |
| jetaudio | jetaudio | 8.0.14 |
| jetaudio | jetaudio | 8.0.12 |
| jetaudio | jetaudio | 8.0.2 |
| jetaudio | jetaudio | 8.0.16 |
| jetaudio | jetaudio | 8.0.15 |
| jetaudio | jetaudio | * |
jetAudio 8.1.7 contains a buffer overflow vulnerability in the video converter component that allows local attackers to crash the application by supplying an oversized string in the File Naming field. Attackers can paste a malicious buffer of 512 bytes into the File Naming parameter and trigger the crash by clicking the Preview button, causing a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| disclosure@vulncheck.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jetaudio | jetaudio | 8.1.7 |