A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3Gain 1.6.2. The vulnerability causes an application crash, which leads to remote denial of service.
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00030.html
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00025.html