| CVE-2017-15046 |
AVG-330 |
High |
Yes |
Arbitrary code execution |
LAME before 3.100 has a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c leading to denial of service or possibly arbitrary code execution. |
| CVE-2017-15045 |
AVG-330 |
Medium |
Yes |
Denial of service |
LAME before 3.100 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c. |
| CVE-2017-15019 |
AVG-330 |
Medium |
Yes |
Denial of service |
LAME before 3.100 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of... |
| CVE-2017-15018 |
AVG-437 |
Medium |
Yes |
Denial of service |
A heap-based buffer over-read vulnerability has been discovered in LAME before 3.100 in the k_34_4 function in vbrquantize.c while handling a malformed file. |
| CVE-2017-13712 |
AVG-330 |
Medium |
Yes |
Denial of service |
NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME before 3.100 allows attackers to perform denial of service by... |
| CVE-2017-11720 |
AVG-330 |
Medium |
Yes |
Denial of service |
There is a division-by-zero vulnerability in LAME before 3.100, caused by a malformed input file. |
| CVE-2017-9872 |
AVG-330 |
High |
Yes |
Arbitrary code execution |
The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME before 3.100 and other products, allows remote attackers to... |
| CVE-2017-9871 |
AVG-330 |
High |
Yes |
Arbitrary code execution |
The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME before 3.100 and other products, allows remote attackers to cause a... |
| CVE-2017-9870 |
AVG-330 |
Medium |
Yes |
Denial of service |
The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME before 3.100 and other products, allows remote attackers to cause a... |
| CVE-2017-9869 |
AVG-330 |
Medium |
Yes |
Denial of service |
The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME before 3.100 and other products, allows remote attackers to cause a... |
| CVE-2017-9412 |
AVG-330 |
Medium |
Yes |
Denial of service |
The unpack_read_samples function in frontend/get_audio.c in LAME before 3.100-1 allows remote attackers to cause a denial of service (invalid memory read... |
| CVE-2017-9411 |
AVG-330 |
Medium |
Yes |
Denial of service |
The fill_buffer_resample function in libmp3lame/util.c in LAME before 3.100 allows remote attackers to cause a denial of service (invalid memory read and... |
| CVE-2017-9410 |
AVG-330 |
Medium |
Yes |
Denial of service |
The fill_buffer_resample function in libmp3lame/util.c in LAME before 3.100 allows remote attackers to cause a denial of service (heap-based buffer... |
| CVE-2017-8419 |
AVG-330 |
High |
Yes |
Arbitrary code execution |
LAME before 3.100 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service... |
| CVE-2015-9101 |
AVG-330 |
Medium |
Yes |
Denial of service |
The fill_buffer_resample function in util.c in libmp3lame.a in LAME before 3.100 allows remote attackers to cause a denial of service (heap-based buffer... |
| CVE-2015-9100 |
AVG-330 |
Medium |
Yes |
Denial of service |
The fill_buffer_resample function in util.c in libmp3lame.a in LAME before 3.100 allows remote attackers to cause a denial of service (NULL pointer... |
| CVE-2015-9099 |
AVG-330 |
Medium |
Yes |
Denial of service |
The lame_init_params function in lame.c in libmp3lame.a in LAME before 3.100 allows remote attackers to cause a denial of service (invalid read and... |