How severe is CVE-2024-10573?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2024-10573?

This is classified as CWE-787, which is a common weakness in software security.

CVE-2024-10573 - MEDIUM Severity | CVSS 6.7

Vulnerability Description

An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector.

Related Vulnerabilities

CVE-2017-17176

MEDIUM

CVSS:6.7(Medium)

The hardware security module of Mate 9 and Mate 9 Pro Huawei smart phones with the versions earlier before MHA-AL00BC00B156, versions earlier before MHA-CL00BC00B156, versions earlier before MHA-DL00B...

CWE-7872017

CVE-2017-18551

MEDIUM

CVSS:6.7(Medium)

An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.

CWE-7872017

CVE-2017-18846

MEDIUM

CVSS:6.7(Medium)

Certain NETGEAR devices are affected by a stack-based buffer overflow. This affects R6250 before 1.0.4.12, R6400v2 before 1.0.2.32, R7000P/R6900P before 1.0.0.56, R7900 before 1.0.1.18, R8300 before 1...

CWE-7872017

CVE-2018-3632

MEDIUM

CVSS:6.7(Medium)

Memory corruption in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 6.x / 7.x / 8.x / 9.x / 10.x / 11.0 / 11.5 / 11.6 / 11.7 / 11.10 / 11.20 could be trig...

CWE-7872018

CVE-2018-9368

MEDIUM

CVSS:6.7(Medium)

In mtkscoaudio debugfs there is a possible arbitrary kernel memory write due to missing bounds check and weakened SELinux policies. This could lead to local escalation of privilege with system executi...

CWE-7872018

CVE-2018-9386

MEDIUM

CVSS:6.7(Medium)

In reboot_block_command of htc reboot_block driver, there is a possible stack buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution priv...

CWE-7872018