CVE-2019-15151

Published: Aug 18, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h.

Affected (3)

Products: Adplug Project: Adplug · Fedoraproject: Fedora

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Adplug Project Adplug	Version 2.3.1

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 32
Fedoraproject Fedora	Version 33

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (6)

https://github.com/adplug/adplug/issues/91

Source: cve@mitre.org

ExploitPatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q32A64R2APAC5PXIMSYIEFDQX5AD4GAS/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3PW6PLDTPSQQRHKTU2FB72SUB4Q66NE/

Source: cve@mitre.org

https://github.com/adplug/adplug/issues/91

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q32A64R2APAC5PXIMSYIEFDQX5AD4GAS/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3PW6PLDTPSQQRHKTU2FB72SUB4Q66NE/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.