Vulnerability CVE-2017-15954: Information

Description

bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow (with a resultant invalid free) and crash when processing a malformed CUE (.cue) file.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-15954
Published: Oct. 29, 2017
Modified: Feb. 4, 2018
Error type identifier: CWE-119

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
bchunksisyphus1.2.2-alt11.2.2-alt1ALT-PU-2020-3148-1260564Fixed
bchunkp101.2.2-alt11.2.2-alt1ALT-PU-2020-3148-1260564Fixed
bchunkp91.2.2-alt11.2.2-alt1ALT-PU-2020-3175-1260565Fixed
bchunkc10f11.2.2-alt11.2.2-alt1ALT-PU-2020-3148-1260564Fixed
bchunkp111.2.2-alt11.2.2-alt1ALT-PU-2020-3148-1260564Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/extramaster/bchunk/issues/3
  • Issue Tracking
  • Patch
  • Third Party Advisory
DSA-4026
  • Third Party Advisory
https://github.com/hessu/bchunk/issues/1
    [debian-lts-announce] 20171102 [SECURITY] [DLA 1158-1] bchunk security update

        1. Configuration 1

          cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

          Configuration 2

          cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*
          cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*
      VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
      Version: v24.5.3
      Back to top