CVE-2017-8419 log
| Source |
|
| Severity | High |
| Remote | Yes |
| Type | Arbitrary code execution |
| Description | LAME before 3.100 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based buffer overflow) or possibly execute arbitrary code via a crafted file, as demonstrated by mishandling of num_channels. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-330 | lame | 3.99.5-3 | 3.100-1 | High | Fixed | FS#54859 |
| References |
|---|
https://sourceforge.net/p/lame/bugs/458/ |