Home > Vulnerability Database > CVE-2024-33428

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2024-33428

Date: April 30, 2024

Buffer-Overflow vulnerability at conv.c:68 of stsaz phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file.

Language: C

Severity Score

8.8

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-33428

Url: https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-1/heap-buffer-overflow-1.assets/image-20240420005017430.png

Url: https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-1/poc

Url: https://github.com/stsaz/phiola/issues/29

Url: https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/heap-buffer-overflow-1

Url: https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-1/heap-buffer-overflow-1.md

Url: https://www.mend.io/vulnerability-database/CVE-2024-33428

Severity Score

8.8

Weakness Type (CWE)

Heap-based Buffer Overflow

CWE-122

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Do you need more information?

Contact Us