CVE-2018-10777

Description

Buffer overflow in the WriteMP3GainAPETag function in apetag.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

How to fix CVE-2018-10777

To remediate CVE-2018-10777, upgrade the affected package to a fixed version below.

Debian/mp3gain—upgrade to 1.6.2-2 or later

Is CVE-2018-10777 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 1.6.2-2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.8	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2018-10777