Vulnerability Name:

CVE-2019-15757 (CCN-166188)

Assigned: 2019-08-28
Published: 2019-08-28
Updated: 2019-09-10
Summary: libMirage 3.2.2 in CDemu has a NULL pointer dereference in the NRG parser in parser.c.
CVSS v3 Severity: 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): High
3.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:
Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:P)
Exploitability Metrics:
Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-476
Vulnerability Consequences: Denial of Service
References:

Source: MITRE
Type: CNA
CVE-2019-15757

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2019:2095

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2019:2096

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2019:2129

Source: XF
Type: UNKNOWN
cdemu-cve201915757-dos(166188)

Source: MISC
Type: Exploit, Third Party Advisory
https://gist.github.com/andreafioraldi/343d9ba64060b548c02362a5e61ec932

Source: CCN
Type: SourceForge CDemu - a virtual CD/DVD drive for Linux Project
#118 Null Pointer Dereference in libmirage 3.2.2

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://sourceforge.net/p/cdemu/bugs/118/

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:libmirage_project:libmirage:3.2.2:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:cdemu:libmirage:3.2.2:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.opensuse.security:def:93465 | P | (Important) | 2022-07-06 |
| oval:org.opensuse.security:def:201915757 | V | CVE-2019-15757 | 2022-06-30 |
| oval:org.opensuse.security:def:112697 | P | libmirage-3_2-3.2.5-1.3 on GA media (Moderate) | 2022-01-17 |
| oval:org.opensuse.security:def:106173 | P | libmirage-3_2-3.2.5-1.3 on GA media (Moderate) | 2021-10-01 |
| oval:org.opensuse.security:def:63247 | P | yast2-rmt-1.2.1-1.25 on GA media (Moderate) | 2021-09-21 |
| oval:org.opensuse.security:def:63473 | P | gimp-2.10.12-7.25 on GA media (Moderate) | 2021-08-10 |
| oval:org.opensuse.security:def:74362 | P | Security update for caribou (Important) | 2021-07-20 |
| oval:org.opensuse.security:def:62628 | P | fontforge-20200314-1.17 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:62427 | P | libXinerama1-32bit-1.1.3-1.22 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:62907 | P | libtool-32bit-2.4.6-1.406 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:62428 | P | libXp6-32bit-1.0.3-1.24 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:63109 | P | python3-keystoneclient-3.15.0-2.33 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:62451 | P | liblouis-data-3.3.0-2.19 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:64296 | P | libX11-6 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:64040 | P | Security update for MozillaFirefox (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:74236 | P | Recommended update for GraphicsMagick (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:64142 | P | Security update for squid (Critical) | 2020-12-01 |
| oval:org.opensuse.security:def:63800 | P | Security update for sudo (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:64184 | P | Security update for ucode-intel (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:63934 | P | Security update for tomcat (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:100178 | P | (Important) | 2019-12-11 |
| oval:org.opensuse.security:def:109986 | P | Security update for libmirage (Moderate) | 2019-09-08 |

    libmirage_project libmirage 3.2.2
    cdemu libmirage 3.2.2