CVE-2017-8419 - log back

CVE-2017-8419 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ LAME before 3.100 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based buffer overflow) or possibly execute arbitrary code via a crafted file, as demonstrated by mishandling of num_channels.
References
+ https://sourceforge.net/p/lame/bugs/458/
Notes