Vulnerability Details : CVE-2009-0475
Integer underflow in the Huffman decoding functionality (pvmp3_huffman_parsing.cpp) in OpenCORE 2.0 and earlier allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a crafted MP3 file that triggers heap corruption.
Vulnerability category: Execute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2009-0475
Probability of exploitation activity in the next 30 days: 2.69%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 89 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2009-0475
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2009-0475
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-0475
-
http://android.git.kernel.org/?p=platform/external/opencore.git;a=commit;h=7b466cd0ecfdba72c4cbd0f3a8c2001141376b0f
Vendor Advisory
-
http://www.securityfocus.com/bid/33673
-
http://review.source.android.com/Gerrit#change,8815
-
http://www.securityfocus.com/archive/1/500750/100/0/threaded
-
http://www.ocert.org/advisories/ocert-2009-002.html
Products affected by CVE-2009-0475
- cpe:2.3:a:android:opencore:2.0:*:*:*:*:*:*:*