CVE-2017-8419 log

Severity High
Remote Yes
Type Arbitrary code execution
LAME before 3.100 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based buffer overflow) or possibly execute arbitrary code via a crafted file, as demonstrated by mishandling of num_channels.
Group Package Affected Fixed Severity Status Ticket
AVG-330 lame 3.99.5-3 3.100-1 High Fixed FS#54859