National Vulnerability Database:
CVE-2017-8372: The mad_layer_III function in layer3.c in Underbit MAD
libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a
denial of service (assertion failure and application exit) via a crafted
audio file.
CVE-2017-8373: The mad_layer_III function in layer3.c in Underbit MAD
libmad 0.15.1b allows remote attackers to cause a denial of service
(heap-based buffer overflow and application crash) or possibly have
unspecified other impact via a crafted audio file.
CVE-2017-8374: The mad_bit_skip function in bit.c in Underbit MAD
libmad 0.15.1b allows remote attackers to cause a denial of service
(heap-based buffer over-read and application crash) via a crafted audio
file.
blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/
blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_bit_skip-bit-c/
blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_layer_iii-layer3-c/
bugs.debian.org/cgi-bin/bugreport.cgi?bug=508133#15
nvd.nist.gov/vuln/detail/CVE-2017-8372
nvd.nist.gov/vuln/detail/CVE-2017-8373
nvd.nist.gov/vuln/detail/CVE-2017-8374