CVE-2024-33429 - Vulnerability Details - OpenCVE

Buffer-Overflow vulnerability at pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via a crafted .wav file.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Stsaz	Phiola

Configuration 1 [-]

cpe:2.3:a:stsaz:phiola:2.0:rc22:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-2/heap-buffer-overflow-2.assets/image-20240420011116818.png
https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-2/heap-buffer-overflow-2.md
https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-2/poc/
https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/heap-buffer-overflow-2
https://github.com/stsaz/phiola/
https://github.com/stsaz/phiola/issues/30

History

Fri, 19 Sep 2025 14:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:stsaz:phiola:2.0:rc22::::::

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-05-01T00:00:00

Updated: 2024-08-02T02:27:53.639Z

Reserved: 2024-04-23T00:00:00

Link: CVE-2024-33429

Vulnrichment

Updated: 2024-05-02T18:28:07.316Z

NVD

Status : Analyzed

Published: 2024-05-01T19:15:27.170

Modified: 2025-09-19T14:11:30.593

Link: CVE-2024-33429

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-33429", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T02:27:53.639Z", "dateReserved": "2024-04-23T00:00:00", "datePublished": "2024-05-01T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-01T18:44:58.854323"}, "descriptions": [{"lang": "en", "value": "Buffer-Overflow vulnerability at pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via a crafted .wav file."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/stsaz/phiola/"}, {"url": "https://github.com/stsaz/phiola/issues/30"}, {"url": "https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/heap-buffer-overflow-2"}, {"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-2/heap-buffer-overflow-2.md"}, {"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-2/poc/"}, {"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-2/heap-buffer-overflow-2.assets/image-20240420011116818.png"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-33429", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-02T18:23:28.759999Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:stsaz:phiola:-:*:*:*:*:*:*:*"], "vendor": "stsaz", "product": "phiola", "versions": [{"status": "affected", "version": "-", "versionType": "custom", "lessThanOrEqual": "v2.0-rc22"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:45:14.002Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:27:53.639Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/stsaz/phiola/", "tags": ["x_transferred"]}, {"url": "https://github.com/stsaz/phiola/issues/30", "tags": ["x_transferred"]}, {"url": "https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/heap-buffer-overflow-2", "tags": ["x_transferred"]}, {"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-2/heap-buffer-overflow-2.md", "tags": ["x_transferred"]}, {"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-2/poc/", "tags": ["x_transferred"]}, {"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-2/heap-buffer-overflow-2.assets/image-20240420011116818.png", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-33429", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-06-04T17:45:14.002Z", "dateReserved": "2024-04-23T00:00:00", "datePublished": "2024-05-01T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-01T18:44:58.854323"}, "descriptions": [{"lang": "en", "value": "Buffer-Overflow vulnerability at pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via a crafted .wav file."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/stsaz/phiola/"}, {"url": "https://github.com/stsaz/phiola/issues/30"}, {"url": "https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/heap-buffer-overflow-2"}, {"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-2/heap-buffer-overflow-2.md"}, {"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-2/poc/"}, {"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-2/heap-buffer-overflow-2.assets/image-20240420011116818.png"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-33429", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-02T18:23:28.759999Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:stsaz:phiola:-:*:*:*:*:*:*:*"], "vendor": "stsaz", "product": "phiola", "versions": [{"status": "affected", "version": "-", "versionType": "custom", "lessThanOrEqual": "v2.0-rc22"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-02T18:28:07.316Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:stsaz:phiola:2.0:rc22:*:*:*:*:*:*", "matchCriteriaId": "3788EBE2-AAE9-41E9-90A4-E97C9F2999D4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer-Overflow vulnerability at pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via a crafted .wav file."}, {"lang": "es", "value": "Vulnerabilidad de desbordamiento de b\u00fafer en pcm_convert.h:513 de phiola v2.0-rc22 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo .wav manipulado."}], "id": "CVE-2024-33429", "lastModified": "2025-09-19T14:11:30.593", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-01T19:15:27.170", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-2/heap-buffer-overflow-2.assets/image-20240420011116818.png"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-2/heap-buffer-overflow-2.md"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-2/poc/"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/heap-buffer-overflow-2"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://github.com/stsaz/phiola/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://github.com/stsaz/phiola/issues/30"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-2/heap-buffer-overflow-2.assets/image-20240420011116818.png"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-2/heap-buffer-overflow-2.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-2/poc/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/heap-buffer-overflow-2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://github.com/stsaz/phiola/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://github.com/stsaz/phiola/issues/30"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}