This security bulletin contains one medium risk vulnerability.
Exploit availability: NoDescription
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to insufficient validation of user-supplied input when handling the A2DP profile. A remote attacker can pass specially crafted data to the system and execute arbitrary code.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.Vulnerable software versions
BlueZ: 5.40 - 5.64
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.