---

CVE-2017-8419 - log back

CVE-2017-8419 created at 25 Sep 2019 19:31:40
Severity	+ High
Remote	+ Remote
Type	+ Arbitrary code execution
Description	+ LAME before 3.100 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based buffer overflow) or possibly execute arbitrary code via a crafted file, as demonstrated by mishandling of num_channels.
References	+ https://sourceforge.net/p/lame/bugs/458/
Notes