mp3gain 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に バッファオーバーフロー and vendor risk memory corruption などに関し、一部は アプリケーションクラッシュ を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2018-10778 | Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872 and CVE-2017-14409. | [email protected] | 7.8 | 1.07% | 2018-05-07 | 2026-06-16 |
| CVE-2018-10777 | Buffer overflow in the WriteMP3GainAPETag function in apetag.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | [email protected] | 7.8 | 1.01% | 2018-05-07 | 2026-06-16 |
| CVE-2018-10776 | The getbits function in mpglibDBL/common.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (segmentation fault and application crash) or possibly have unspecified other impact. | [email protected] | 7.8 | 1.04% | 2018-05-07 | 2026-06-16 |
| CVE-2017-14412 | An invalid memory write was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a denial of service (segmentation fault and application crash) or possibly unspecified other impact. | [email protected] | 7.8 | 0.81% | 2017-09-12 | 2026-06-16 |
| CVE-2017-14411 | A stack-based buffer overflow was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution. | [email protected] | 7.8 | 1.64% | 2017-09-12 | 2026-06-16 |
| CVE-2017-14410 | A buffer over-read was discovered in III_i_stereo in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service. | [email protected] | 5.5 | 0.86% | 2017-09-12 | 2026-06-16 |
| CVE-2017-14409 | A buffer overflow was discovered in III_dequantize_sample in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution. | [email protected] | 7.8 | 1.62% | 2017-09-12 | 2026-06-16 |
| CVE-2017-14408 | A stack-based buffer over-read was discovered in dct36 in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service. | [email protected] | 5.5 | 0.86% | 2017-09-12 | 2026-06-16 |
| CVE-2017-14407 | A stack-based buffer over-read was discovered in filterYule in gain_analysis.c in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service. | [email protected] | 5.5 | 0.86% | 2017-09-12 | 2026-06-16 |
| CVE-2017-14406 | A NULL pointer dereference was discovered in sync_buffer in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service. | [email protected] | 5.5 | 0.86% | 2017-09-12 | 2026-06-16 |
| CVE-2017-12912 | The "mpglibDBL/layer3.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a read access violation when opening a crafted MP3 file. | [email protected] | 5.5 | 0.69% | 2017-09-07 | 2026-06-16 |
| CVE-2017-12911 | The "apetag.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a stack memory corruption when opening a crafted MP3 file. | [email protected] | 5.5 | 0.85% | 2017-09-07 | 2026-06-16 |