VDB
CVE-2019-18359
CVE-2019-18359
PUBLISHED
CVSS 5.5 MEDIUM
A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3Gain 1.6.2. The vulnerability causes an application crash, which leads to remote denial of service.
EPSS 0.50% · 66.5th percentile
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
0.50%
66.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| glensawyer | mp3gain | 1.6.2 |
Exploit Intelligence
- https://sourceforge.net/p/mp3gain/bugs/46/ (nist-nvd)
- openSUSE-SU-2020:0522 (circl)
- openSUSE-SU-2020:0539 (circl)
Timeline
- Oct 23, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://sourceforge.net/p/mp3gain/bugs/46/ url
- openSUSE-SU-2020:0522 vendor-advisory
- openSUSE-SU-2020:0539 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-18359 advisory
- https://sourceforge.net/p/mp3gain/bugs/46 url