Skip to main content

Mp3Gain CVE-2017-14407

MEDIUM
Out-of-bounds Read (CWE-125)
2017-09-13 cve@mitre.org
5.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 13, 2017 - 03:29 cve.org
MEDIUM 5.5

DescriptionCVE.org

A stack-based buffer over-read was discovered in filterYule in gain_analysis.c in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service.

AnalysisAI

A stack-based buffer over-read was discovered in filterYule in gain_analysis.c in MP3Gain version 1.5.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. A stack-based buffer over-read was discovered in filterYule in gain_analysis.c in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service. Affected products include: Mp3Gain. Version information: version 1.5.2..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2023-49356 HIGH POC
7.5 Dec 22

A stack buffer overflow vulnerability in MP3Gain v1.6.2 allows an attacker to cause a denial of service via the WriteMP3

CVE-2019-18359 MEDIUM POC
5.5 Oct 23

A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3Gain 1.6.2. Rated medium severity (CVSS 5.5), this

CVE-2017-14409 HIGH
7.8 Sep 13

A buffer overflow was discovered in III_dequantize_sample in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. Ra

CVE-2017-14411 HIGH
7.8 Sep 13

A stack-based buffer overflow was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. R

CVE-2017-14412 HIGH
7.8 Sep 13

An invalid memory write was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. Rated h

CVE-2018-10778 HIGH
7.8 May 07

Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows rem

CVE-2018-10777 HIGH
7.8 May 07

Buffer overflow in the WriteMP3GainAPETag function in apetag.c in mp3gain through 1.5.2-r2 allows remote attackers to ca

CVE-2018-10776 HIGH
7.8 May 07

The getbits function in mpglibDBL/common.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of serv

CVE-2017-14408 MEDIUM
5.5 Sep 13

A stack-based buffer over-read was discovered in dct36 in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. Rated

CVE-2017-14410 MEDIUM
5.5 Sep 13

A buffer over-read was discovered in III_i_stereo in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. Rated medi

CVE-2017-14406 MEDIUM
5.5 Sep 13

A NULL pointer dereference was discovered in sync_buffer in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2.

CVE-2017-12911 MEDIUM
5.5 Sep 07

The "apetag.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a stack memory corruption when opening a cr

Share

CVE-2017-14407 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy