Vulnerabilities > CVE-2017-7605 - Reachable Assertion vulnerability in Libaacplus Project Libaacplus 2.0.2

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

libaacplus-project

CWE-617

NVD

Published: 2017-04-09

Updated: 2022-12-08

Summary

aacplusenc.c in HE-AAC+ Codec (aka libaacplus) 2.0.2 has an assertion failure, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.

Vulnerable Configurations

Part	Description	Count
Application	Libaacplus_Project Libaacplus Project Libaacplus 2.0.2	1

Common Weakness Enumeration (CWE)

CWE-617 - Reachable Assertion

References

https://blogs.gentoo.org/ago/2017/04/01/libaacplus-signed-integer-overflow-left-shift-and-assertion-failure/
https://security.gentoo.org/glsa/202209-13