CVE-2017-14407

Опубликовано: 13 сент. 2017

Источник: debian

Описание

A stack-based buffer over-read was discovered in filterYule in gain_analysis.c in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
mp3gain	fixed	1.6.2-1		package
mp3gain	end-of-life		wheezy	package

Примечания

https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-filteryule-gain_analysis-c/
Not reproducible with 1.6.2.
Caught by ASAN according to CVE. mp3gain is compiled with ASAN on: amd64 i386 armel armhf powerpc

Связанные уязвимости

CVE-2017-14407

CVSS3: 5.5

ubuntu

больше 8 лет назад

A stack-based buffer over-read was discovered in filterYule in gain_analysis.c in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service.

CVE-2017-14407

CVSS3: 5.5

nvd

больше 8 лет назад

A stack-based buffer over-read was discovered in filterYule in gain_analysis.c in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service.

GHSA-8g2w-fqgg-h73v

CVSS3: 5.5

github

больше 3 лет назад

A stack-based buffer over-read was discovered in filterYule in gain_analysis.c in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service.