The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linuxsampler | libgig | 4.0.0 |
An issue was discovered in libgig 4.1.0. There is an out of bounds read in gig::File::UpdateChunks in gig.cpp.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linuxsampler | libgig | 4.1.0 |
An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "update dimension region's chunks" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linuxsampler | libgig | 4.1.0 |
An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linuxsampler | libgig | 4.1.0 |
An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "always assign the sample of the first dimension region of this region" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linuxsampler | libgig | 4.1.0 |
An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store16 in helper.h.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linuxsampler | libgig | 4.1.0 |
An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the function RIFF::Chunk::Read in RIFF.cpp.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linuxsampler | libgig | 4.1.0 |
An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store32 in helper.h.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linuxsampler | libgig | 4.1.0 |
An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::SaveString in DLS.cpp.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linuxsampler | libgig | 4.1.0 |
An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::UpdateChunks in DLS.cpp.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linuxsampler | libgig | 4.1.0 |
An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store32 in helper.h.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linuxsampler | libgig | 4.1.0 |
An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store16 in helper.h.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linuxsampler | libgig | 4.1.0 |
An issue was discovered in libgig 4.1.0. There is a NULL pointer dereference in the function DLS::File::GetFirstSample() in DLS.cpp.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linuxsampler | libgig | 4.1.0 |
An issue was discovered in libgig 4.1.0. There is operator new[] failure (due to a big pWavePoolTable heap request) in DLS::File::File in DLS.cpp.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linuxsampler | libgig | 4.1.0 |
An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in DLS::Region::GetSample() in DLS.cpp.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linuxsampler | libgig | 4.1.0 |
An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-zero error) in DLS::Sample::Sample in DLS.cpp.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linuxsampler | libgig | 4.1.0 |
An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in RIFF::List::GetListTypeString in RIFF.cpp.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linuxsampler | libgig | 4.1.0 |
An issue was discovered in libgig 4.1.0. There is an operator new[] failure (due to a big pSampleLoops heap request) in DLS::Sampler::Sampler in DLS.cpp.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linuxsampler | libgig | 4.1.0 |
An issue was discovered in libgig through 20200507. A heap-buffer-overflow exists in the function RIFF::List::GetSubList located in RIFF.cpp. It allows an attacker to cause code Execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linuxsampler | libgig | * |