Update: I was not aware that the Debian/openSUSE security patches had already been applied to master in commit b0d6a5 (2025-11-01, Bug #62). Thank you Glen for applying those. To clarify the current status:

Fixed in master (not yet released):
- CVE-2023-49356 — Stack buffer overflow in WriteMP3GainAPETag
- CVE-2019-18359 — Buffer over-read in ReadMP3APETag
- CVE-2018-10777 — Buffer overflow in WriteMP3GainAPETag
- CVE-2017-12911 — Stack memory corruption in apetag.c

Possibly also addressed: Bugs #56–#60...
Security summary: 19 known CVEs remain unpatched in current downloads