lame

Description: A high quality MPEG Audio Layer III (MP3) encoder
Version: 3.100-2 [extra]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-437 | 3.99.5-3 | 3.99.5-4 | Medium | Fixed | FS#55889 |
| AVG-330 | 3.99.5-3 | 3.100-1 | High | Fixed | FS#54859 |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2017-9872 | AVG-330 | High | Yes | Arbitrary code execution | The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME before 3.100 and other products, allows remote attackers to... |
| CVE-2017-9871 | AVG-330 | High | Yes | Arbitrary code execution | The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME before 3.100 and other products, allows remote attackers to cause a... |
| CVE-2017-9870 | AVG-330 | Medium | Yes | Denial of service | The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME before 3.100 and other products, allows remote attackers to cause a... |
| CVE-2017-9869 | AVG-330 | Medium | Yes | Denial of service | The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME before 3.100 and other products, allows remote attackers to cause a... |
| CVE-2017-9412 | AVG-330 | Medium | Yes | Denial of service | The unpack_read_samples function in frontend/get_audio.c in LAME before 3.100-1 allows remote attackers to cause a denial of service (invalid memory read... |
| CVE-2017-9411 | AVG-330 | Medium | Yes | Denial of service | The fill_buffer_resample function in libmp3lame/util.c in LAME before 3.100 allows remote attackers to cause a denial of service (invalid memory read and... |
| CVE-2017-9410 | AVG-330 | Medium | Yes | Denial of service | The fill_buffer_resample function in libmp3lame/util.c in LAME before 3.100 allows remote attackers to cause a denial of service (heap-based buffer... |
| CVE-2017-8419 | AVG-330 | High | Yes | Arbitrary code execution | LAME before 3.100 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service... |
| CVE-2017-15046 | AVG-330 | High | Yes | Arbitrary code execution | LAME before 3.100 has a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c leading to denial of service or possibly arbitrary code execution. |
| CVE-2017-15045 | AVG-330 | Medium | Yes | Denial of service | LAME before 3.100 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c. |
| CVE-2017-15019 | AVG-330 | Medium | Yes | Denial of service | LAME before 3.100 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of... |
| CVE-2017-15018 | AVG-437 | Medium | Yes | Denial of service | A heap-based buffer over-read vulnerability has been discovered in LAME before 3.100 in the k_34_4 function in vbrquantize.c while handling a malformed file. |
| CVE-2017-13712 | AVG-330 | Medium | Yes | Denial of service | NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME before 3.100 allows attackers to perform denial of service by... |
| CVE-2017-11720 | AVG-330 | Medium | Yes | Denial of service | There is a division-by-zero vulnerability in LAME before 3.100, caused by a malformed input file. |
| CVE-2015-9101 | AVG-330 | Medium | Yes | Denial of service | The fill_buffer_resample function in util.c in libmp3lame.a in LAME before 3.100 allows remote attackers to cause a denial of service (heap-based buffer... |
| CVE-2015-9100 | AVG-330 | Medium | Yes | Denial of service | The fill_buffer_resample function in util.c in libmp3lame.a in LAME before 3.100 allows remote attackers to cause a denial of service (NULL pointer... |
| CVE-2015-9099 | AVG-330 | Medium | Yes | Denial of service | The lame_init_params function in lame.c in libmp3lame.a in LAME before 3.100 allows remote attackers to cause a denial of service (invalid read and... |

Advisories

| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 09 Oct 2017 | ASA-201710-11 | AVG-437 | Medium | denial of service |