CVE-2017-14408
CVSS 3.1 score: 5.5 (MEDIUM)
EPSS 0.43%
Description
A stack-based buffer over-read was discovered in dct36 in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service.
How to fix CVE-2017-14408
To remediate CVE-2017-14408, upgrade the affected package to a fixed version listed below.
- Debian/mp3gain: upgrade to 1.6.2-1 or later
Is CVE-2017-14408 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.6.2-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.5 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |