CVE-2019-18359

MEDIUM

5.5

Description

A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3Gain 1.6.2. The vulnerability causes an application crash, which leads to remote denial of service.

CVE Details

CVSS v3.1 Score5.5

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack VectorLOCAL

ComplexityLOW

Privileges RequiredNONE

User InteractionREQUIRED

Published10/23/2019

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

glensawyer:mp3gain

Weaknesses (CWE)

CWE-125

References

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00025.html(cve@mitre.org)

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00030.html(cve@mitre.org)

https://sourceforge.net/p/mp3gain/bugs/46/(cve@mitre.org)

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00025.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00030.html(af854a3a-2127-422b-91ae-364da2661108)

https://sourceforge.net/p/mp3gain/bugs/46/(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.