Mp3splt Project CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Mp3splt Project CVE published 2017-03-01

CVE-2017-5851

CVE-2017-5851 affects mp3splt 2.6.2 and is caused by a null pointer dereference in free_options() within options_manager.c. A crafted file can trigger a crash of the command-line utility. NVD scores the issue as CVSS 3.0 5.5 (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) and maps it to CWE-476. The source description also notes that this crash typically has no further consequences for availability, so the practica [truncated]

MEDIUM Mp3splt Project CVE published 2017-03-01

CVE-2017-5666

CVE-2017-5666 is an invalid-free flaw in free_options() in options_manager.c in mp3splt 2.6.2. When a crafted file is processed, the application can crash, resulting in denial of service. The official NVD record classifies the issue as CWE-416 with CVSS 3.0 5.5/Medium (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).