Description
Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872. CVE-2017-14409, and CVE-2018-10778.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://drive.google.com/drive/folders/1epm65c4_iC0zE5V_leoet4Jyk1Prz2p5?usp=sharing
Scores
CVSS v3
9.8
EPSS
0.0059
EPSS Percentile
69.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-125
Status
published
Products (2)
glensawyer/mp3gain
1.5.2 (3 CPE variants)
glensawyer/mp3gain
< 1.5.2
Published
May 11, 2022
Tracked Since
Feb 18, 2026