In readAPICFrame function, you don't check the size of b parameter. If the b parameter don't end with double zero, the size of mimeDataSplit is one after bytes.SplitN and then program will happen panic beause your check logic is a little late in line 609 .
This is the fourth vulnerability in id3v2frames.go.
In readAPICFrame function, you don't check the size of b parameter. If the b parameter don't end with double zero, the size of mimeDataSplit is one after bytes.SplitN and then program will happen panic beause your check logic is a little late in line 609 .
testcase 09c7c9d4e8fcee39048684570266ce162d9437c7.zip