CVE-2024-34952

5.0 MEDIUM

Published: May 20, 2024 Modified: April 15, 2026

Description

taurusxin ncmdump v1.3.2 was discovered to contain a segmentation violation via the NeteaseCrypt::FixMetadata() function at /src/ncmcrypt.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted .ncm file.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/dos_FixMetadata.assets/debug-coredump.png

Source: cve@mitre.org

https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/dos_FixMetadata.md

Source: cve@mitre.org

https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/poc/I1DWE0~U

Source: cve@mitre.org

https://github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_FixMetadata

Source: cve@mitre.org

https://github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_FixMetadata/poc

Source: cve@mitre.org

https://github.com/taurusxin/ncmdump/issues/18

Source: cve@mitre.org

https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/dos_FixMetadata.assets/debug-coredump.png