Vulnerabilities > CVE-2019-18796 - Infinite Loop vulnerability in Un4Seen Bass

CVSS 7.1 - HIGH

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

un4seen

CWE-835

NVD

Published: 2020-10-16

Updated: 2020-10-27

Summary

The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Denial of Service vulnerability (infinite loop) via a crafted .mp3 file. This weakness could allow attackers to consume excessive CPU and the application becomes unresponsive.

Vulnerable Configurations

Part	Description	Count
Application	Un4Seen Un4Seen Bass *	1

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

References

http://www.un4seen.com/
https://github.com/staufnic/CVE/tree/master/CVE-2019-18796