Note:
This project will be discontinued after December 13, 2021. [more]
2017-09-13
A stack-based buffer over-read was discovered in dct36 in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service.
| Products | Mp3gain |
| Type | Out-of-bounds Read (CWE-125) |
| First patch | - None (likely due to unavailable code) |
| Links | https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-dct36-mpglibdbllayer3-c/ |