Vulnerabilities > CVE-2019-18796 - Infinite Loop vulnerability in Un4Seen Bass 2.4.14.1

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

un4seen

CWE-835

NVD

Published: 2020-10-16

Updated: 2020-10-27

Summary

The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Denial of Service vulnerability (infinite loop) via a crafted .mp3 file. This weakness could allow attackers to consume excessive CPU and the application becomes unresponsive.

Vulnerable Configurations

Part	Description	Count
Application	Un4Seen Un4Seen Bass 2.4.14.1	1

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

References

http://www.un4seen.com/
https://github.com/staufnic/CVE/tree/master/CVE-2019-18796