CVE-2024-33431 - Vulnerability Details - OpenCVE

An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a remote attacker to cause a denial of service via a crafted .wav file.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Stsaz	Phiola

Configuration 1 [-]

cpe:2.3:a:stsaz:phiola:2.0:rc22:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/flowPointException-1.assets/image-20240420004701828.png
https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/flowPointException-1.md
https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/poc/I0I72U~G
https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/flowPointException-1
https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/flowPointException-1/poc
https://github.com/stsaz/phiola/
https://github.com/stsaz/phiola/issues/27

History

Fri, 19 Sep 2025 14:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:stsaz:phiola:2.0:rc22::::::

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-05-01T00:00:00

Updated: 2024-08-02T02:27:53.639Z

Reserved: 2024-04-23T00:00:00

Link: CVE-2024-33431

Vulnrichment

Updated: 2024-05-02T17:36:05.969Z

NVD

Status : Analyzed

Published: 2024-05-01T19:15:27.283

Modified: 2025-09-19T13:48:18.000

Link: CVE-2024-33431

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-33431", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T02:27:53.639Z", "dateReserved": "2024-04-23T00:00:00", "datePublished": "2024-05-01T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-01T18:53:42.972526"}, "descriptions": [{"lang": "en", "value": "An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a remote attacker to cause a denial of service via a crafted .wav file."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/stsaz/phiola/"}, {"url": "https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/flowPointException-1"}, {"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/flowPointException-1.md"}, {"url": "https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/flowPointException-1/poc"}, {"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/poc/I0I72U~G"}, {"url": "https://github.com/stsaz/phiola/issues/27"}, {"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/flowPointException-1.assets/image-20240420004701828.png"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-33431", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-02T17:25:37.761013Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:stsaz:phiola:-:*:*:*:*:*:*:*"], "vendor": "stsaz", "product": "phiola", "versions": [{"status": "affected", "version": "-", "versionType": "custom", "lessThanOrEqual": "2.0"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-670", "description": "CWE-670 Always-Incorrect Control Flow Implementation"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:43:44.832Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:27:53.639Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/stsaz/phiola/", "tags": ["x_transferred"]}, {"url": "https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/flowPointException-1", "tags": ["x_transferred"]}, {"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/flowPointException-1.md", "tags": ["x_transferred"]}, {"url": "https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/flowPointException-1/poc", "tags": ["x_transferred"]}, {"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/poc/I0I72U~G", "tags": ["x_transferred"]}, {"url": "https://github.com/stsaz/phiola/issues/27", "tags": ["x_transferred"]}, {"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/flowPointException-1.assets/image-20240420004701828.png", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-33431", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-06-04T17:43:44.832Z", "dateReserved": "2024-04-23T00:00:00", "datePublished": "2024-05-01T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-01T18:53:42.972526"}, "descriptions": [{"lang": "en", "value": "An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a remote attacker to cause a denial of service via a crafted .wav file."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/stsaz/phiola/"}, {"url": "https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/flowPointException-1"}, {"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/flowPointException-1.md"}, {"url": "https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/flowPointException-1/poc"}, {"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/poc/I0I72U~G"}, {"url": "https://github.com/stsaz/phiola/issues/27"}, {"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/flowPointException-1.assets/image-20240420004701828.png"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-33431", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-02T17:25:37.761013Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:stsaz:phiola:-:*:*:*:*:*:*:*"], "vendor": "stsaz", "product": "phiola", "versions": [{"status": "affected", "version": "-", "versionType": "custom", "lessThanOrEqual": "2.0"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-670", "description": "CWE-670 Always-Incorrect Control Flow Implementation"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-02T17:36:05.969Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:stsaz:phiola:2.0:rc22:*:*:*:*:*:*", "matchCriteriaId": "3788EBE2-AAE9-41E9-90A4-E97C9F2999D4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a remote attacker to cause a denial of service via a crafted .wav file."}, {"lang": "es", "value": "Un problema en phiola/src/afilter/conv.c:115 de phiola v2.0-rc22 permite a un atacante remoto provocar una denegaci\u00f3n de servicio a trav\u00e9s de un archivo .wav manipulado."}], "id": "CVE-2024-33431", "lastModified": "2025-09-19T13:48:18.000", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-01T19:15:27.283", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/flowPointException-1.assets/image-20240420004701828.png"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/flowPointException-1.md"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/poc/I0I72U~G"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/flowPointException-1"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/flowPointException-1/poc"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://github.com/stsaz/phiola/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://github.com/stsaz/phiola/issues/27"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/flowPointException-1.assets/image-20240420004701828.png"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/flowPointException-1.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/poc/I0I72U~G"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/flowPointException-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/flowPointException-1/poc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://github.com/stsaz/phiola/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://github.com/stsaz/phiola/issues/27"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-670"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}