CVE Vulnerabilities

CVE-2017-5666

Use After Free

Published: Mar 01, 2017 | Modified: Apr 20, 2025
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (invalid free and crash) via a crafted file.

Weakness

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory “belongs” to the code that operates on the new pointer.

Affected Software

Name Vendor Start Version End Version
Mp3splt Mp3splt_project 2.6.2 (including) 2.6.2 (including)
Mp3splt Ubuntu artful *
Mp3splt Ubuntu bionic *
Mp3splt Ubuntu cosmic *
Mp3splt Ubuntu devel *
Mp3splt Ubuntu disco *
Mp3splt Ubuntu eoan *
Mp3splt Ubuntu esm-apps/bionic *
Mp3splt Ubuntu esm-apps/focal *
Mp3splt Ubuntu esm-apps/jammy *
Mp3splt Ubuntu esm-apps/noble *
Mp3splt Ubuntu esm-apps/xenial *
Mp3splt Ubuntu focal *
Mp3splt Ubuntu groovy *
Mp3splt Ubuntu hirsute *
Mp3splt Ubuntu impish *
Mp3splt Ubuntu jammy *
Mp3splt Ubuntu kinetic *
Mp3splt Ubuntu lunar *
Mp3splt Ubuntu mantic *
Mp3splt Ubuntu noble *
Mp3splt Ubuntu oracular *
Mp3splt Ubuntu plucky *
Mp3splt Ubuntu precise *
Mp3splt Ubuntu trusty *
Mp3splt Ubuntu upstream *
Mp3splt Ubuntu xenial *
Mp3splt Ubuntu yakkety *
Mp3splt Ubuntu zesty *

Potential Mitigations

References