{"id":"MGASA-2018-0326","summary":"Updated mp3gain packages fix security vulnerabilities","details":"A NULL pointer dereference was discovered in sync_buffer in interface.c\nin mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes\na segmentation fault and application crash, which leads to remote denial\nof service (CVE-2017-14406).\n\nA stack-based buffer over-read was discovered in filterYule in\ngain_analysis.c in MP3Gain version 1.5.2. The vulnerability causes an\napplication crash, which leads to remote denial of service (CVE-2017-14407).\n\nA stack-based buffer over-read was discovered in dct36 in layer3.c in\nmpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an\napplication crash, which leads to remote denial of service (CVE-2017-14408).\n\nA buffer overflow was discovered in III_dequantize_sample in layer3.c in\nmpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an\nout-of-bounds write, which leads to remote denial of service or possibly\ncode execution (CVE-2017-14409).\n\nA buffer over-read was discovered in III_i_stereo in layer3.c in mpglibDBL,\nas used in MP3Gain version 1.5.2. The vulnerability causes an application\ncrash, which leads to remote denial of service (CVE-2017-14410).\n\nA stack-based buffer overflow was discovered in copy_mp in interface.c in\nmpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an\nout-of-bounds write, which leads to remote denial of service or possibly\ncode execution (CVE-2017-14411).\n\nAn invalid memory write was discovered in copy_mp in interface.c in\nmpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a\ndenial of service (segmentation fault and application crash) or possibly\nunspecified other impact (CVE-2017-14412).\n\nBuffer overflow in the WriteMP3GainAPETag function in apetag.c in mp3gain\nthrough 1.5.2-r2 allows remote attackers to cause a denial of service\n(application crash) or possibly have unspecified other impact\n(CVE-2018-10777).\n","modified":"2026-04-16T06:25:55.714026907Z","published":"2018-08-10T14:37:39Z","upstream":["CVE-2017-14406","CVE-2017-14407","CVE-2017-14408","CVE-2017-14409","CVE-2017-14410","CVE-2017-14411","CVE-2017-14412","CVE-2018-10777"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0326.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21706"},{"type":"REPORT","url":"https://sourceforge.net/p/mp3gain/bugs/40/"},{"type":"REPORT","url":"https://sourceforge.net/p/mp3gain/bugs/41/"},{"type":"REPORT","url":"https://sourceforge.net/p/mp3gain/bugs/43/"}],"affected":[{"package":{"name":"mp3gain","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/mp3gain?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.2-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0326.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}