CVE-2020-15359: VDALabs Uses Mayhem To Find MP3Gain Stack Overflow

Researchers from VDA Labs used ForAllSecure Mayhem to discover a stack overflow (CVE-2020-15359) in MP3Gain, a popular open-source sound utility. MP3Gain analyzes MP3 files and adjusts them so that they have the same volume, using statistical analysis to determine what those levels should be. The researchers at VDA Labs said in a blog post, “a bad actor could use this bug to develop an exploit, which could result in something like the compromise of a workstation running MP3Gain.”

*** This is a Security Bloggers Network syndicated blog from ForAllSecure Blog authored by Robert Vamosi. Read the original post at: https://blog.forallsecure.com/vdalabs-researchers-use-mayhem-to-find-a-stack-overflow-in-mp3gain