CVE-2019-18359

NameCVE-2019-18359
DescriptionA buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3Gain 1.6.2. The vulnerability causes an application crash, which leads to remote denial of service.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs973932

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
mp3gain (PTS)sid, trixie, bullseye, bookworm1.6.2-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mp3gainsourcewheezy(unfixed)end-of-life
mp3gainsource(unstable)1.6.2-2973932

Notes

SuSE fix: https://build.opensuse.org/package/view_file/openSUSE:Maintenance:12304/mp3gain.openSUSE_Leap_15.1_Update/0001-fix-security-bugs.patch?rev=0db47562b2545871d0be3fc88083e0cd
Caught by ASAN according to CVE. mp3gain is compiled with ASAN on: amd64 i386 armel armhf powerpc

Search for package or bug name: Reporting problems