A buffer over-read exists in ReadMP3APETag in apetag.c in MP3Gain 1.6.2. The vulnerability causes an application crash, which leads to remote denial of service.
Debian Bug report logs - #973932
mp3gain: CVE-2018-10777, CVE-2019-18359: Crashes with fuzzing PoC
Package: mp3gain;
Maintainer for mp3gain is Scott Hardin <scottnhardin@gmail.com>; Source for mp3gain is src:mp3gain (PTS, buildd, popcon)
Reported by: Stefan Fritsch <sf@sfritsch.de>
Date: Sat, 7 Nov 2020 19:30:02 UTC ...