Test ID: 1.3.6.1.4.1.25623.1.1.10.2018.0326
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2018-0326)
Summary: The remote host is missing an update for the 'mp3gain' package(s) announced via the MGASA-2018-0326 advisory.
Description:

Vulnerability Insight:
A NULL pointer dereference was discovered in sync_buffer in interface.c
in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes
a segmentation fault and application crash, which leads to remote denial
of service (CVE-2017-14406).

A stack-based buffer over-read was discovered in filterYule in
gain_analysis.c in MP3Gain version 1.5.2. The vulnerability causes an
application crash, which leads to remote denial of service (CVE-2017-14407).

A stack-based buffer over-read was discovered in dct36 in layer3.c in
mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an
application crash, which leads to remote denial of service (CVE-2017-14408).

A buffer overflow was discovered in III_dequantize_sample in layer3.c in
mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an
out-of-bounds write, which leads to remote denial of service or possibly
code execution (CVE-2017-14409).

A buffer over-read was discovered in III_i_stereo in layer3.c in mpglibDBL,
as used in MP3Gain version 1.5.2. The vulnerability causes an application
crash, which leads to remote denial of service (CVE-2017-14410).

A stack-based buffer overflow was discovered in copy_mp in interface.c in
mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an
out-of-bounds write, which leads to remote denial of service or possibly
code execution (CVE-2017-14411).

An invalid memory write was discovered in copy_mp in interface.c in
mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a
denial of service (segmentation fault and application crash) or possibly
unspecified other impact (CVE-2017-14412).

Buffer overflow in the WriteMP3GainAPETag function in apetag.c in mp3gain
through 1.5.2-r2 allows remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact
(CVE-2018-10777).

Affected Software/OS:
'mp3gain' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2017-14406
https://blogs.gentoo.org/ago/2017/09/08/mp3gain-null-pointer-dereference-in-sync_buffer-mpglibdblinterface-c/
Common Vulnerability Exposure (CVE) ID: CVE-2017-14407
https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-filteryule-gain_analysis-c/
Common Vulnerability Exposure (CVE) ID: CVE-2017-14408
https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-dct36-mpglibdbllayer3-c/
Common Vulnerability Exposure (CVE) ID: CVE-2017-14409
https://blogs.gentoo.org/ago/2017/09/08/mp3gain-global-buffer-overflow-in-iii_dequantize_sample-mpglibdbllayer3-c/
Common Vulnerability Exposure (CVE) ID: CVE-2017-14410
https://blogs.gentoo.org/ago/2017/09/08/mp3gain-global-buffer-overflow-in-iii_i_stereo-mpglibdbllayer3-c/
Common Vulnerability Exposure (CVE) ID: CVE-2017-14411
https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-copy_mp-mpglibdblinterface-c/
Common Vulnerability Exposure (CVE) ID: CVE-2017-14412
https://blogs.gentoo.org/ago/2017/09/08/mp3gain-invalid-memory-write-in-copy_mp-mpglibdblinterface-c/
Common Vulnerability Exposure (CVE) ID: CVE-2018-10777
https://docs.google.com/document/d/11Ms9j82hpH8iA0oc4QH0qUG6gq-ZOiqI0YroAFMrcD8/edit
Copyright: Copyright (C) 2022 Greenbone AG