MidnightBSD

Advisories for jetaudio

CVE-2013-2691 HIGH

Stack-based buffer overflow in the JetMPG.ax module in jetAudio 8.0.17 allows remote attackers to execute arbitrary code via a crafted MPEG2-TS video file, related to the MPEG2 transport stream.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
jetaudio jetaudio 8.0.17
CVE-2014-3443 MEDIUM

JetMPAd.ax in JetAudio 8.1.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
jetaudio jetaudio 8.0.4
jetaudio jetaudio 8.0
jetaudio jetaudio 8.0.7.1000
jetaudio jetaudio 8.1.0
jetaudio jetaudio 8.0.7
jetaudio jetaudio 8.0.9
jetaudio jetaudio 8.0.10
jetaudio jetaudio 8.0.17
jetaudio jetaudio 8.0.11
jetaudio jetaudio 8.0.1
jetaudio jetaudio 8.0.5
jetaudio jetaudio 8.0.8
jetaudio jetaudio 8.0.6
jetaudio jetaudio 8.0.14
jetaudio jetaudio 8.0.12
jetaudio jetaudio 8.0.2
jetaudio jetaudio 8.0.16
jetaudio jetaudio 8.0.15
jetaudio jetaudio *
CVE-2019-25562

jetAudio 8.1.7 contains a buffer overflow vulnerability in the video converter component that allows local attackers to crash the application by supplying an oversized string in the File Naming field. Attackers can paste a malicious buffer of 512 bytes into the File Naming parameter and trigger the crash by clicking the Preview button, causing a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
disclosure@vulncheck.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
jetaudio jetaudio 8.1.7