Bug 717940 (CVE-2019-18359) - <media-sound/mp3gain-1.6.2: Buffer overflow in ReadMP3APETag (CVE-2019-18359)
Summary: <media-sound/mp3gain-1.6.2: Buffer overflow in ReadMP3APETag (CVE-2019-18359)
Status: RESOLVED FIXED
Alias: CVE-2019-18359
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve cleanup]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-04-17 20:38 UTC by GLSAMaker/CVETool Bot
Modified: 2020-08-29 00:28 UTC

See Also:
Package list:
media-sound/mp3gain-1.6.2
Runtime testing required: ---
nattka: sanity-check+


Description GLSAMaker/CVETool Bot gentoo-dev 2020-04-17 20:38:29 UTC
CVE-2019-18359 (https://nvd.nist.gov/vuln/detail/CVE-2019-18359):
  A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3Gain
  1.6.2. The vulnerability causes an application crash, which leads to remote
  denial of service.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-19 08:52:54 UTC
@maintainer(s), please bump the ebuild
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-07-06 04:56:43 UTC
(In reply to Sam James (sec padawan) from comment #1)
> @maintainer(s), please bump the ebuild

Doesn't look like there's a release upstream since 1.6.2, nor has upstream addressed this issue.

openSUSE has a patch: https://build.opensuse.org/package/view_file/openSUSE:Factory/mp3gain/0001-fix-security-bugs.patch
Comment 3 Larry the Git Cow gentoo-dev 2020-08-03 05:12:50 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36f8689f7903548f5d89827a6e7bdf70a9882cee

commit 36f8689f7903548f5d89827a6e7bdf70a9882cee
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-08-03 05:11:12 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-08-03 05:12:45 +0000

    media-sound/mp3gain: bump to 1.6.2 (+ CVE patch)
    
    Bump to 1.6.2, which includes an upstreamed patch
    for a previous CVE, and include openSUSE's patch
    for CVE-2019-18359 (and others).
    
    Bug: https://bugs.gentoo.org/717940
    Package-Manager: Portage-3.0.1, Repoman-2.3.23
    Signed-off-by: Sam James <sam@gentoo.org>

 media-sound/mp3gain/Manifest                       |   1 +
 .../files/mp3gain-1.6.2-CVE-2019-18359-plus.patch  | 183 +++++++++++++++++++++
 media-sound/mp3gain/mp3gain-1.6.2.ebuild           |  33 ++++
 3 files changed, 217 insertions(+)
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-08-05 23:47:15 UTC
sparc done
Comment 5 Agostino Sarubbo gentoo-dev 2020-08-07 11:45:16 UTC
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2020-08-07 11:53:24 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-08-08 03:58:20 UTC
GLSA vote: no
Comment 8 Larry the Git Cow gentoo-dev 2020-08-29 00:28:52 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78ad7877efb30b4599320e7f81a15cb2527acdfe

commit 78ad7877efb30b4599320e7f81a15cb2527acdfe
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-08-29 00:26:26 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-08-29 00:26:26 +0000

    media-sound/mp3gain: security cleanup
    
    Closes: https://bugs.gentoo.org/717940
    Package-Manager: Portage-3.0.4, Repoman-3.0.1
    Signed-off-by: Sam James <sam@gentoo.org>

 media-sound/mp3gain/Manifest                       |  1 -
 .../files/mp3gain-1.6.1-CVE-2017-12911.patch       | 77 ----------------------
 media-sound/mp3gain/mp3gain-1.6.1.ebuild           | 34 ----------
 3 files changed, 112 deletions(-)