CVE-2019-18794

Published: Oct 16, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Use after Free vulnerability via a crafted .ogg file. An attacker can exploit this to gain access to sensitive information that may aid in further attacks. A failure in exploitation leads to denial of service.

Affected (1)

Products: Un4seen: Bass

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Un4seen Bass	Up to 2.4.14.1

Related CWEs

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (4)

http://www.un4seen.com/

Source: cve@mitre.org

Vendor Advisory

https://github.com/staufnic/CVE/tree/master/CVE-2019-18794

Source: cve@mitre.org

Third Party Advisory

http://www.un4seen.com/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://github.com/staufnic/CVE/tree/master/CVE-2019-18794

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.