{"id":"CVE-2017-15185","details":"plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_clear function with uninitialized data upon detection of invalid input, which allows remote attackers to cause a denial of service (application crash) via a crafted file.","modified":"2026-03-14T14:26:47.363123Z","published":"2017-10-09T05:29:00.400Z","references":[{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2017/Jul/82"},{"type":"ADVISORY","url":"https://anonscm.debian.org/cgit/users/ron/mp3splt.git/commit/?id=18f018cd774cb931116ce06a520dc0c5f9443932"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts/2017/09/msg00115.html"},{"type":"ADVISORY","url":"https://www.exploit-db.com/exploits/42399/"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"0.9.2"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15185.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"}]}