Bug 1154971 - (CVE-2019-18359) VUL-1: CVE-2019-18359: mp3gain: A buffer over-read was discovered in ReadMP3APETag in apetag.c which might lead to remote denial of service
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.1
Hardware: Other
OS: Other
Priority: P4 - Low
Severity: Normal
Target Milestone: ---
Assigned To: Security Team bot
URL: https://smash.suse.de/issue/245722/
Depends on:
Blocks:
Reported: 2019-10-24 10:56 UTC by Alexandros Toptsoglou
Modified: 2022-05-11 14:40 UTC (History)
CC: 3 users
See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Description Alexandros Toptsoglou 2019-10-24 10:56:41 UTC
CVE-2019-18359

A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3Gain 1.6.2.
The vulnerability causes an application crash, which leads to remote denial of
service.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18359
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18359.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18359
https://sourceforge.net/p/mp3gain/bugs/46/
Comment 1 Luigi Baldoni 2019-10-24 14:20:16 UTC
Waiting for upstream to address the problem.
Comment 2 Luigi Baldoni 2020-03-09 18:51:43 UTC
Requested package deletion (#782814).
Comment 3 Swamp Workflow Management 2020-04-10 14:40:06 UTC
This is an autogenerated message for OBS integration:
This bug (1154971) was mentioned in
https://build.opensuse.org/request/show/792961 Factory / mp3gain
Comment 4 Andreas Stieger 2020-04-11 15:09:57 UTC
Luigi, we were still missing a maintenance update for this. I submitted it for you:
https://build.opensuse.org/request/show/793110
Please accept the review as maintainer and assign it back to security-team@suse.de
Comment 5 Swamp Workflow Management 2020-04-11 16:00:05 UTC
This is an autogenerated message for OBS integration:
This bug (1154971) was mentioned in
https://build.opensuse.org/request/show/793113 15.1 / mp3gain
Comment 6 Swamp Workflow Management 2020-04-11 18:00:10 UTC
This is an autogenerated message for OBS integration:
This bug (1154971) was mentioned in
https://build.opensuse.org/request/show/793210 Factory / mp3gain
Comment 7 Swamp Workflow Management 2020-04-15 16:28:46 UTC
openSUSE-SU-2020:0522-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1154971
CVE References: CVE-2017-12911,CVE-2019-18359
Sources used:
openSUSE Leap 15.1 (src):    mp3gain-1.6.2-lp151.3.3.1
Comment 8 Andreas Stieger 2020-04-15 16:37:48 UTC
done
Comment 9 Swamp Workflow Management 2020-04-18 22:13:27 UTC
openSUSE-SU-2020:0539-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1154971
CVE References: CVE-2017-12911,CVE-2019-18359
Sources used:
openSUSE Backports SLE-15-SP1 (src):    mp3gain-1.6.2-bp151.4.3.1
Comment 10 OBSbugzilla Bot 2022-05-11 14:40:40 UTC
This is an autogenerated message for OBS integration:
This bug (1154971) was mentioned in
https://build.opensuse.org/request/show/976384 15.4 / release-notes-openSUSE