Vulnerabilities > CVE-2019-18794 - Use After Free vulnerability in Un4Seen Bass

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

un4seen

CWE-416

NVD

Published: 2020-10-16

Updated: 2020-10-27

Summary

The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Use after Free vulnerability via a crafted .ogg file. An attacker can exploit this to gain access to sensitive information that may aid in further attacks. A failure in exploitation leads to denial of service.

Vulnerable Configurations

Part	Description	Count
Application	Un4Seen Un4Seen Bass *	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

http://www.un4seen.com/
https://github.com/staufnic/CVE/tree/master/CVE-2019-18794