ID OPENSUSE-2018-214.NASL Type nessus Reporter Tenable Modified 2018-02-28T00:00:00
Description
This update for lame fixes the following issues :
Lame was updated to version 3.100 :
Improved detection of MPEG audio data in RIFF WAVE files. sf#3545112 Invalid sampling detection
New switch --gain <decibel>, range -20.0 to +12.0, a more convenient way to apply Gain adjustment in decibels, than the use of --scale <factor>.
Fix for sf#3558466 Bug in path handling
Fix for sf#3567844 problem with Tag genre
Fix for sf#3565659 no progress indication with pipe input
Fix for sf#3544957 scale (empty) silent encode without warning
Fix for sf#3580176 environment variable LAMEOPT doesn't work anymore
Fix for sf#3608583 input file name displayed with wrong character encoding (on windows console with CP_UTF8)
Fix dereference NULL and Buffer not NULL terminated issues. (CVE-2017-15019 bsc#1082317 CVE-2017-13712 bsc#1082399 CVE-2015-9100 bsc#1082401)
Fix dereference of a NULL pointer possible in loop.
Make sure functions with SSE instructions maintain their own properly aligned stack. Thanks to Fabian Greffrath
Multiple Stack and Heap Corruptions from Malicious File.
(CVE-2017-9872 bsc#1082391 CVE-2017-9871 bsc#1082392 CVE-2017-9870 bsc#1082393 CVE-2017-9869 bsc#1082395 CVE-2017-9411 bsc#1082397 CVE-2015-9101 bsc#1082400)
CVE-2017-11720: Fix a division by zero vulnerability.
(bsc#1082311)
CVE-2017-9410: Fix fill_buffer_resample function in libmp3lame/util.c heap-based buffer over-read and ap (bsc#1082333)
CVE-2017-9411: Fix fill_buffer_resample function in libmp3lame/util.c invalid memory read and application crash (bsc#1082397)
CVE-2017-9412: FIx unpack_read_samples function in frontend/get_audio.c invalid memory read and application crash (bsc#1082340)
Fix clip detect scale suggestion unaware of scale input value
HIP decoder bug fixed: decoding mixed blocks of lower sample frequency Layer3 data resulted in internal buffer overflow.
Add lame_encode_buffer_interleaved_int()
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-214.
#
# The text description of this plugin is (C) SUSE LLC.
#
include("compat.inc");
if (description)
{
script_id(107048);
script_version("$Revision: 3.1 $");
script_cvs_date("$Date: 2018/02/28 14:56:50 $");
script_cve_id("CVE-2015-9100", "CVE-2015-9101", "CVE-2017-11720", "CVE-2017-13712", "CVE-2017-15019", "CVE-2017-9410", "CVE-2017-9411", "CVE-2017-9412", "CVE-2017-9869", "CVE-2017-9870", "CVE-2017-9871", "CVE-2017-9872");
script_name(english:"openSUSE Security Update : lame (openSUSE-2018-214)");
script_summary(english:"Check for the openSUSE-2018-214 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update for lame fixes the following issues :
Lame was updated to version 3.100 :
- Improved detection of MPEG audio data in RIFF WAVE
files. sf#3545112 Invalid sampling detection
- New switch --gain <decibel>, range -20.0 to +12.0, a
more convenient way to apply Gain adjustment in
decibels, than the use of --scale <factor>.
- Fix for sf#3558466 Bug in path handling
- Fix for sf#3567844 problem with Tag genre
- Fix for sf#3565659 no progress indication with pipe
input
- Fix for sf#3544957 scale (empty) silent encode without
warning
- Fix for sf#3580176 environment variable LAMEOPT doesn't
work anymore
- Fix for sf#3608583 input file name displayed with wrong
character encoding (on windows console with CP_UTF8)
- Fix dereference NULL and Buffer not NULL terminated
issues. (CVE-2017-15019 bsc#1082317 CVE-2017-13712
bsc#1082399 CVE-2015-9100 bsc#1082401)
- Fix dereference of a NULL pointer possible in loop.
- Make sure functions with SSE instructions maintain their
own properly aligned stack. Thanks to Fabian Greffrath
- Multiple Stack and Heap Corruptions from Malicious File.
(CVE-2017-9872 bsc#1082391 CVE-2017-9871 bsc#1082392
CVE-2017-9870 bsc#1082393 CVE-2017-9869 bsc#1082395
CVE-2017-9411 bsc#1082397 CVE-2015-9101 bsc#1082400)
- CVE-2017-11720: Fix a division by zero vulnerability.
(bsc#1082311)
- CVE-2017-9410: Fix fill_buffer_resample function in
libmp3lame/util.c heap-based buffer over-read and ap
(bsc#1082333)
- CVE-2017-9411: Fix fill_buffer_resample function in
libmp3lame/util.c invalid memory read and application
crash (bsc#1082397)
- CVE-2017-9412: FIx unpack_read_samples function in
frontend/get_audio.c invalid memory read and application
crash (bsc#1082340)
- Fix clip detect scale suggestion unaware of scale input
value
- HIP decoder bug fixed: decoding mixed blocks of lower
sample frequency Layer3 data resulted in internal buffer
overflow.
- Add lame_encode_buffer_interleaved_int()"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082311"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082317"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082333"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082340"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082391"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082392"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082393"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082395"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082397"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082399"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082400"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082401"
);
script_set_attribute(attribute:"solution", value:"Update the affected lame packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lame");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lame-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lame-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lame-mp3rtp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lame-mp3rtp-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmp3lame-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmp3lame0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmp3lame0-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmp3lame0-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmp3lame0-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
script_set_attribute(attribute:"patch_publication_date", value:"2018/02/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/28");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2018 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE42.3", reference:"lame-3.100-7.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"lame-debuginfo-3.100-7.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"lame-debugsource-3.100-7.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"lame-mp3rtp-3.100-7.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"lame-mp3rtp-debuginfo-3.100-7.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libmp3lame-devel-3.100-7.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libmp3lame0-3.100-7.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libmp3lame0-debuginfo-3.100-7.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libmp3lame0-32bit-3.100-7.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libmp3lame0-debuginfo-32bit-3.100-7.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lame / lame-debuginfo / lame-debugsource / lame-mp3rtp / etc");
}
{"id": "OPENSUSE-2018-214.NASL", "bulletinFamily": "scanner", "title": "openSUSE Security Update : lame (openSUSE-2018-214)", "description": "This update for lame fixes the following issues :\n\nLame was updated to version 3.100 :\n\n - Improved detection of MPEG audio data in RIFF WAVE files. sf#3545112 Invalid sampling detection\n\n - New switch --gain <decibel>, range -20.0 to +12.0, a more convenient way to apply Gain adjustment in decibels, than the use of --scale <factor>.\n\n - Fix for sf#3558466 Bug in path handling\n\n - Fix for sf#3567844 problem with Tag genre\n\n - Fix for sf#3565659 no progress indication with pipe input\n\n - Fix for sf#3544957 scale (empty) silent encode without warning\n\n - Fix for sf#3580176 environment variable LAMEOPT doesn't work anymore\n\n - Fix for sf#3608583 input file name displayed with wrong character encoding (on windows console with CP_UTF8)\n\n - Fix dereference NULL and Buffer not NULL terminated issues. (CVE-2017-15019 bsc#1082317 CVE-2017-13712 bsc#1082399 CVE-2015-9100 bsc#1082401)\n\n - Fix dereference of a NULL pointer possible in loop.\n\n - Make sure functions with SSE instructions maintain their own properly aligned stack. Thanks to Fabian Greffrath\n\n - Multiple Stack and Heap Corruptions from Malicious File.\n (CVE-2017-9872 bsc#1082391 CVE-2017-9871 bsc#1082392 CVE-2017-9870 bsc#1082393 CVE-2017-9869 bsc#1082395 CVE-2017-9411 bsc#1082397 CVE-2015-9101 bsc#1082400)\n\n - CVE-2017-11720: Fix a division by zero vulnerability.\n (bsc#1082311)\n\n - CVE-2017-9410: Fix fill_buffer_resample function in libmp3lame/util.c heap-based buffer over-read and ap (bsc#1082333)\n\n - CVE-2017-9411: Fix fill_buffer_resample function in libmp3lame/util.c invalid memory read and application crash (bsc#1082397)\n\n - CVE-2017-9412: FIx unpack_read_samples function in frontend/get_audio.c invalid memory read and application crash (bsc#1082340)\n\n - Fix clip detect scale suggestion unaware of scale input value\n\n - HIP decoder bug fixed: decoding mixed blocks of lower sample frequency Layer3 data resulted in internal buffer overflow.\n\n - Add lame_encode_buffer_interleaved_int()", "published": "2018-02-28T00:00:00", "modified": "2018-02-28T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=107048", "reporter": "Tenable", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=1082392", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082401", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082333", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082340", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082311", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082393", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082399", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082391", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082400", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082317", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082395", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082397"], "cvelist": ["CVE-2017-9412", "CVE-2017-9411", "CVE-2017-9871", "CVE-2017-13712", "CVE-2017-9869", "CVE-2017-9410", "CVE-2017-15019", "CVE-2017-9870", "CVE-2017-11720", "CVE-2015-9100", "CVE-2017-9872", "CVE-2015-9101"], "type": "nessus", "lastseen": "2019-02-21T01:36:57", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:libmp3lame0", "p-cpe:/a:novell:opensuse:lame-mp3rtp", "p-cpe:/a:novell:opensuse:lame-debugsource", "p-cpe:/a:novell:opensuse:libmp3lame0-debuginfo", "p-cpe:/a:novell:opensuse:libmp3lame-devel", "p-cpe:/a:novell:opensuse:libmp3lame0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmp3lame0-32bit", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:lame-debuginfo", "p-cpe:/a:novell:opensuse:lame", "p-cpe:/a:novell:opensuse:lame-mp3rtp-debuginfo"], "cvelist": ["CVE-2017-9412", "CVE-2017-9411", "CVE-2017-9871", "CVE-2017-13712", "CVE-2017-9869", "CVE-2017-9410", "CVE-2017-15019", "CVE-2017-9870", "CVE-2017-11720", "CVE-2015-9100", "CVE-2017-9872", "CVE-2015-9101"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "This update for lame fixes the following issues :\n\nLame was updated to version 3.100 :\n\n - Improved detection of MPEG audio data in RIFF WAVE files. sf#3545112 Invalid sampling detection\n\n - New switch --gain <decibel>, range -20.0 to +12.0, a more convenient way to apply Gain adjustment in decibels, than the use of --scale <factor>.\n\n - Fix for sf#3558466 Bug in path handling\n\n - Fix for sf#3567844 problem with Tag genre\n\n - Fix for sf#3565659 no progress indication with pipe input\n\n - Fix for sf#3544957 scale (empty) silent encode without warning\n\n - Fix for sf#3580176 environment variable LAMEOPT doesn't work anymore\n\n - Fix for sf#3608583 input file name displayed with wrong character encoding (on windows console with CP_UTF8)\n\n - Fix dereference NULL and Buffer not NULL terminated issues. (CVE-2017-15019 bsc#1082317 CVE-2017-13712 bsc#1082399 CVE-2015-9100 bsc#1082401)\n\n - Fix dereference of a NULL pointer possible in loop.\n\n - Make sure functions with SSE instructions maintain their own properly aligned stack. Thanks to Fabian Greffrath\n\n - Multiple Stack and Heap Corruptions from Malicious File.\n (CVE-2017-9872 bsc#1082391 CVE-2017-9871 bsc#1082392 CVE-2017-9870 bsc#1082393 CVE-2017-9869 bsc#1082395 CVE-2017-9411 bsc#1082397 CVE-2015-9101 bsc#1082400)\n\n - CVE-2017-11720: Fix a division by zero vulnerability.\n (bsc#1082311)\n\n - CVE-2017-9410: Fix fill_buffer_resample function in libmp3lame/util.c heap-based buffer over-read and ap (bsc#1082333)\n\n - CVE-2017-9411: Fix fill_buffer_resample function in libmp3lame/util.c invalid memory read and application crash (bsc#1082397)\n\n - CVE-2017-9412: FIx unpack_read_samples function in frontend/get_audio.c invalid memory read and application crash (bsc#1082340)\n\n - Fix clip detect scale suggestion unaware of scale input value\n\n - HIP decoder bug fixed: decoding mixed blocks of lower sample frequency Layer3 data resulted in internal buffer overflow.\n\n - Add lame_encode_buffer_interleaved_int()", "edition": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "91a1acf0b8b18b1dde500367f47f26e461f2967bb5e4949ea2363c0af23e2466", "hashmap": [{"hash": "a76517cf8861591b7b1e8663190dc242", "key": "cvelist"}, {"hash": "b27f4ba91e2aab0a68a7cad706296df5", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "38fb48faf6d735f6f633fcfcd4caf5ac", "key": "modified"}, {"hash": "38fb48faf6d735f6f633fcfcd4caf5ac", "key": "published"}, {"hash": "c0e2c78f8a51445f183ed607f35ce68e", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "eb4243e554ade78485d2be1f4fa51bca", "key": "sourceData"}, {"hash": "ede674c3eba0aa4cad5331e4d2d2544b", "key": "href"}, {"hash": "af5c65d748f99690237753cf0a711810", "key": "references"}, {"hash": "f4911e16c49e4825558d320cb4b6fee3", "key": "description"}, {"hash": "da694ed114fb46863b53ec25828bab20", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=107048", "id": "OPENSUSE-2018-214.NASL", "lastseen": "2018-02-28T23:52:51", "modified": "2018-02-28T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "107048", "published": "2018-02-28T00:00:00", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=1082392", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082401", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082333", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082340", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082311", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082393", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082399", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082391", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082400", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082317", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082395", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082397"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-214.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107048);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2018/02/28 14:56:50 $\");\n\n script_cve_id(\"CVE-2015-9100\", \"CVE-2015-9101\", \"CVE-2017-11720\", \"CVE-2017-13712\", \"CVE-2017-15019\", \"CVE-2017-9410\", \"CVE-2017-9411\", \"CVE-2017-9412\", \"CVE-2017-9869\", \"CVE-2017-9870\", \"CVE-2017-9871\", \"CVE-2017-9872\");\n\n script_name(english:\"openSUSE Security Update : lame (openSUSE-2018-214)\");\n script_summary(english:\"Check for the openSUSE-2018-214 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for lame fixes the following issues :\n\nLame was updated to version 3.100 :\n\n - Improved detection of MPEG audio data in RIFF WAVE\n files. sf#3545112 Invalid sampling detection\n\n - New switch --gain <decibel>, range -20.0 to +12.0, a\n more convenient way to apply Gain adjustment in\n decibels, than the use of --scale <factor>.\n\n - Fix for sf#3558466 Bug in path handling\n\n - Fix for sf#3567844 problem with Tag genre\n\n - Fix for sf#3565659 no progress indication with pipe\n input\n\n - Fix for sf#3544957 scale (empty) silent encode without\n warning\n\n - Fix for sf#3580176 environment variable LAMEOPT doesn't\n work anymore\n\n - Fix for sf#3608583 input file name displayed with wrong\n character encoding (on windows console with CP_UTF8)\n\n - Fix dereference NULL and Buffer not NULL terminated\n issues. (CVE-2017-15019 bsc#1082317 CVE-2017-13712\n bsc#1082399 CVE-2015-9100 bsc#1082401)\n\n - Fix dereference of a NULL pointer possible in loop.\n\n - Make sure functions with SSE instructions maintain their\n own properly aligned stack. Thanks to Fabian Greffrath\n\n - Multiple Stack and Heap Corruptions from Malicious File.\n (CVE-2017-9872 bsc#1082391 CVE-2017-9871 bsc#1082392\n CVE-2017-9870 bsc#1082393 CVE-2017-9869 bsc#1082395\n CVE-2017-9411 bsc#1082397 CVE-2015-9101 bsc#1082400)\n\n - CVE-2017-11720: Fix a division by zero vulnerability.\n (bsc#1082311)\n\n - CVE-2017-9410: Fix fill_buffer_resample function in\n libmp3lame/util.c heap-based buffer over-read and ap\n (bsc#1082333)\n\n - CVE-2017-9411: Fix fill_buffer_resample function in\n libmp3lame/util.c invalid memory read and application\n crash (bsc#1082397)\n\n - CVE-2017-9412: FIx unpack_read_samples function in\n frontend/get_audio.c invalid memory read and application\n crash (bsc#1082340)\n\n - Fix clip detect scale suggestion unaware of scale input\n value\n\n - HIP decoder bug fixed: decoding mixed blocks of lower\n sample frequency Layer3 data resulted in internal buffer\n overflow.\n\n - Add lame_encode_buffer_interleaved_int()\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082397\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082400\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082401\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lame packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lame\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lame-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lame-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lame-mp3rtp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lame-mp3rtp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmp3lame-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmp3lame0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmp3lame0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmp3lame0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmp3lame0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"lame-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"lame-debuginfo-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"lame-debugsource-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"lame-mp3rtp-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"lame-mp3rtp-debuginfo-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmp3lame-devel-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmp3lame0-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmp3lame0-debuginfo-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmp3lame0-32bit-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmp3lame0-debuginfo-32bit-3.100-7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lame / lame-debuginfo / lame-debugsource / lame-mp3rtp / etc\");\n}\n", "title": "openSUSE Security Update : lame (openSUSE-2018-214)", "type": "nessus", "viewCount": 4}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2018-02-28T23:52:51"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:libmp3lame0", "p-cpe:/a:novell:opensuse:lame-mp3rtp", "p-cpe:/a:novell:opensuse:lame-debugsource", "p-cpe:/a:novell:opensuse:libmp3lame0-debuginfo", "p-cpe:/a:novell:opensuse:libmp3lame-devel", "p-cpe:/a:novell:opensuse:libmp3lame0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmp3lame0-32bit", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:lame-debuginfo", "p-cpe:/a:novell:opensuse:lame", "p-cpe:/a:novell:opensuse:lame-mp3rtp-debuginfo"], "cvelist": ["CVE-2017-9412", "CVE-2017-9411", "CVE-2017-9871", "CVE-2017-13712", "CVE-2017-9869", "CVE-2017-9410", "CVE-2017-15019", "CVE-2017-9870", "CVE-2017-11720", "CVE-2015-9100", "CVE-2017-9872", "CVE-2015-9101"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "This update for lame fixes the following issues :\n\nLame was updated to version 3.100 :\n\n - Improved detection of MPEG audio data in RIFF WAVE files. sf#3545112 Invalid sampling detection\n\n - New switch --gain <decibel>, range -20.0 to +12.0, a more convenient way to apply Gain adjustment in decibels, than the use of --scale <factor>.\n\n - Fix for sf#3558466 Bug in path handling\n\n - Fix for sf#3567844 problem with Tag genre\n\n - Fix for sf#3565659 no progress indication with pipe input\n\n - Fix for sf#3544957 scale (empty) silent encode without warning\n\n - Fix for sf#3580176 environment variable LAMEOPT doesn't work anymore\n\n - Fix for sf#3608583 input file name displayed with wrong character encoding (on windows console with CP_UTF8)\n\n - Fix dereference NULL and Buffer not NULL terminated issues. (CVE-2017-15019 bsc#1082317 CVE-2017-13712 bsc#1082399 CVE-2015-9100 bsc#1082401)\n\n - Fix dereference of a NULL pointer possible in loop.\n\n - Make sure functions with SSE instructions maintain their own properly aligned stack. Thanks to Fabian Greffrath\n\n - Multiple Stack and Heap Corruptions from Malicious File.\n (CVE-2017-9872 bsc#1082391 CVE-2017-9871 bsc#1082392 CVE-2017-9870 bsc#1082393 CVE-2017-9869 bsc#1082395 CVE-2017-9411 bsc#1082397 CVE-2015-9101 bsc#1082400)\n\n - CVE-2017-11720: Fix a division by zero vulnerability.\n (bsc#1082311)\n\n - CVE-2017-9410: Fix fill_buffer_resample function in libmp3lame/util.c heap-based buffer over-read and ap (bsc#1082333)\n\n - CVE-2017-9411: Fix fill_buffer_resample function in libmp3lame/util.c invalid memory read and application crash (bsc#1082397)\n\n - CVE-2017-9412: FIx unpack_read_samples function in frontend/get_audio.c invalid memory read and application crash (bsc#1082340)\n\n - Fix clip detect scale suggestion unaware of scale input value\n\n - HIP decoder bug fixed: decoding mixed blocks of lower sample frequency Layer3 data resulted in internal buffer overflow.\n\n - Add lame_encode_buffer_interleaved_int()", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "f2af8e7aad618341375898ba8da2a30e5b59045cd74c69a8b3a8d24a88e19b6a", "hashmap": [{"hash": "a76517cf8861591b7b1e8663190dc242", "key": "cvelist"}, {"hash": "b27f4ba91e2aab0a68a7cad706296df5", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "38fb48faf6d735f6f633fcfcd4caf5ac", "key": "modified"}, {"hash": "38fb48faf6d735f6f633fcfcd4caf5ac", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "c0e2c78f8a51445f183ed607f35ce68e", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "eb4243e554ade78485d2be1f4fa51bca", "key": "sourceData"}, {"hash": "ede674c3eba0aa4cad5331e4d2d2544b", "key": "href"}, {"hash": "af5c65d748f99690237753cf0a711810", "key": "references"}, {"hash": "f4911e16c49e4825558d320cb4b6fee3", "key": "description"}, {"hash": "da694ed114fb46863b53ec25828bab20", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=107048", "id": "OPENSUSE-2018-214.NASL", "lastseen": "2018-08-30T19:47:09", "modified": "2018-02-28T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "107048", "published": "2018-02-28T00:00:00", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=1082392", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082401", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082333", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082340", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082311", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082393", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082399", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082391", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082400", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082317", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082395", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082397"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-214.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107048);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2018/02/28 14:56:50 $\");\n\n script_cve_id(\"CVE-2015-9100\", \"CVE-2015-9101\", \"CVE-2017-11720\", \"CVE-2017-13712\", \"CVE-2017-15019\", \"CVE-2017-9410\", \"CVE-2017-9411\", \"CVE-2017-9412\", \"CVE-2017-9869\", \"CVE-2017-9870\", \"CVE-2017-9871\", \"CVE-2017-9872\");\n\n script_name(english:\"openSUSE Security Update : lame (openSUSE-2018-214)\");\n script_summary(english:\"Check for the openSUSE-2018-214 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for lame fixes the following issues :\n\nLame was updated to version 3.100 :\n\n - Improved detection of MPEG audio data in RIFF WAVE\n files. sf#3545112 Invalid sampling detection\n\n - New switch --gain <decibel>, range -20.0 to +12.0, a\n more convenient way to apply Gain adjustment in\n decibels, than the use of --scale <factor>.\n\n - Fix for sf#3558466 Bug in path handling\n\n - Fix for sf#3567844 problem with Tag genre\n\n - Fix for sf#3565659 no progress indication with pipe\n input\n\n - Fix for sf#3544957 scale (empty) silent encode without\n warning\n\n - Fix for sf#3580176 environment variable LAMEOPT doesn't\n work anymore\n\n - Fix for sf#3608583 input file name displayed with wrong\n character encoding (on windows console with CP_UTF8)\n\n - Fix dereference NULL and Buffer not NULL terminated\n issues. (CVE-2017-15019 bsc#1082317 CVE-2017-13712\n bsc#1082399 CVE-2015-9100 bsc#1082401)\n\n - Fix dereference of a NULL pointer possible in loop.\n\n - Make sure functions with SSE instructions maintain their\n own properly aligned stack. Thanks to Fabian Greffrath\n\n - Multiple Stack and Heap Corruptions from Malicious File.\n (CVE-2017-9872 bsc#1082391 CVE-2017-9871 bsc#1082392\n CVE-2017-9870 bsc#1082393 CVE-2017-9869 bsc#1082395\n CVE-2017-9411 bsc#1082397 CVE-2015-9101 bsc#1082400)\n\n - CVE-2017-11720: Fix a division by zero vulnerability.\n (bsc#1082311)\n\n - CVE-2017-9410: Fix fill_buffer_resample function in\n libmp3lame/util.c heap-based buffer over-read and ap\n (bsc#1082333)\n\n - CVE-2017-9411: Fix fill_buffer_resample function in\n libmp3lame/util.c invalid memory read and application\n crash (bsc#1082397)\n\n - CVE-2017-9412: FIx unpack_read_samples function in\n frontend/get_audio.c invalid memory read and application\n crash (bsc#1082340)\n\n - Fix clip detect scale suggestion unaware of scale input\n value\n\n - HIP decoder bug fixed: decoding mixed blocks of lower\n sample frequency Layer3 data resulted in internal buffer\n overflow.\n\n - Add lame_encode_buffer_interleaved_int()\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082397\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082400\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082401\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lame packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lame\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lame-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lame-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lame-mp3rtp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lame-mp3rtp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmp3lame-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmp3lame0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmp3lame0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmp3lame0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmp3lame0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"lame-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"lame-debuginfo-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"lame-debugsource-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"lame-mp3rtp-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"lame-mp3rtp-debuginfo-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmp3lame-devel-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmp3lame0-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmp3lame0-debuginfo-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmp3lame0-32bit-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmp3lame0-debuginfo-32bit-3.100-7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lame / lame-debuginfo / lame-debugsource / lame-mp3rtp / etc\");\n}\n", "title": "openSUSE Security Update : lame (openSUSE-2018-214)", "type": "nessus", "viewCount": 4}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T19:47:09"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:libmp3lame0", "p-cpe:/a:novell:opensuse:lame-mp3rtp", "p-cpe:/a:novell:opensuse:lame-debugsource", "p-cpe:/a:novell:opensuse:libmp3lame0-debuginfo", "p-cpe:/a:novell:opensuse:libmp3lame-devel", "p-cpe:/a:novell:opensuse:libmp3lame0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmp3lame0-32bit", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:lame-debuginfo", "p-cpe:/a:novell:opensuse:lame", "p-cpe:/a:novell:opensuse:lame-mp3rtp-debuginfo"], "cvelist": ["CVE-2017-9412", "CVE-2017-9411", "CVE-2017-9871", "CVE-2017-13712", "CVE-2017-9869", "CVE-2017-9410", "CVE-2017-15019", "CVE-2017-9870", "CVE-2017-11720", "CVE-2015-9100", "CVE-2017-9872", "CVE-2015-9101"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "This update for lame fixes the following issues :\n\nLame was updated to version 3.100 :\n\n - Improved detection of MPEG audio data in RIFF WAVE\n files. sf#3545112 Invalid sampling detection\n\n - New switch --gain <decibel>, range -20.0 to +12.0, a\n more convenient way to apply Gain adjustment in\n decibels, than the use of --scale <factor>.\n\n - Fix for sf#3558466 Bug in path handling\n\n - Fix for sf#3567844 problem with Tag genre\n\n - Fix for sf#3565659 no progress indication with pipe\n input\n\n - Fix for sf#3544957 scale (empty) silent encode without\n warning\n\n - Fix for sf#3580176 environment variable LAMEOPT doesn't\n work anymore\n\n - Fix for sf#3608583 input file name displayed with wrong\n character encoding (on windows console with CP_UTF8)\n\n - Fix dereference NULL and Buffer not NULL terminated\n issues. (CVE-2017-15019 bsc#1082317 CVE-2017-13712\n bsc#1082399 CVE-2015-9100 bsc#1082401)\n\n - Fix dereference of a NULL pointer possible in loop.\n\n - Make sure functions with SSE instructions maintain their\n own properly aligned stack. Thanks to Fabian Greffrath\n\n - Multiple Stack and Heap Corruptions from Malicious File.\n (CVE-2017-9872 bsc#1082391 CVE-2017-9871 bsc#1082392\n CVE-2017-9870 bsc#1082393 CVE-2017-9869 bsc#1082395\n CVE-2017-9411 bsc#1082397 CVE-2015-9101 bsc#1082400)\n\n - CVE-2017-11720: Fix a division by zero vulnerability.\n (bsc#1082311)\n\n - CVE-2017-9410: Fix fill_buffer_resample function in\n libmp3lame/util.c heap-based buffer over-read and ap\n (bsc#1082333)\n\n - CVE-2017-9411: Fix fill_buffer_resample function in\n libmp3lame/util.c invalid memory read and application\n crash (bsc#1082397)\n\n - CVE-2017-9412: FIx unpack_read_samples function in\n frontend/get_audio.c invalid memory read and application\n crash (bsc#1082340)\n\n - Fix clip detect scale suggestion unaware of scale input\n value\n\n - HIP decoder bug fixed: decoding mixed blocks of lower\n sample frequency Layer3 data resulted in internal buffer\n overflow.\n\n - Add lame_encode_buffer_interleaved_int()", "edition": 4, "enchantments": {"dependencies": {"modified": "2019-01-16T20:32:47", "references": [{"idList": ["1337DAY-ID-28006", "1337DAY-ID-28202"], "type": "zdt"}, {"idList": ["OPENSUSE-SU-2018:0544-1", "OPENSUSE-SU-2018:0543-1"], "type": "suse"}, {"idList": ["CVE-2017-9412", "CVE-2017-9871", "CVE-2017-13712", "CVE-2017-9869", "CVE-2017-9410", "CVE-2017-15019", "CVE-2017-9870", "CVE-2015-9100", "CVE-2017-9872", "CVE-2015-9101"], "type": "cve"}, {"idList": ["OPENVAS:1361412562310873552", "OPENVAS:1361412562310873799", "OPENVAS:1361412562310851711"], "type": "openvas"}, {"idList": ["EDB-ID:42259", "EDB-ID:42258", "EDB-ID:42390"], "type": "exploitdb"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "f6c330231f2b94f7d3b80ac26e58bc62d3690ba791ce8a930b1e44c1de2f3f9e", "hashmap": [{"hash": "a76517cf8861591b7b1e8663190dc242", "key": "cvelist"}, {"hash": "b27f4ba91e2aab0a68a7cad706296df5", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "38fb48faf6d735f6f633fcfcd4caf5ac", "key": "modified"}, {"hash": "38fb48faf6d735f6f633fcfcd4caf5ac", "key": "published"}, {"hash": "95f9b3ed3416aaeb9bbcf7c69993fb08", "key": "description"}, {"hash": "c0e2c78f8a51445f183ed607f35ce68e", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "eb4243e554ade78485d2be1f4fa51bca", "key": "sourceData"}, {"hash": "ede674c3eba0aa4cad5331e4d2d2544b", "key": "href"}, {"hash": "af5c65d748f99690237753cf0a711810", "key": "references"}, {"hash": "da694ed114fb46863b53ec25828bab20", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=107048", "id": "OPENSUSE-2018-214.NASL", "lastseen": "2019-01-16T20:32:47", "modified": "2018-02-28T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "107048", "published": "2018-02-28T00:00:00", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=1082392", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082401", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082333", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082340", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082311", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082393", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082399", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082391", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082400", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082317", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082395", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082397"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-214.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107048);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2018/02/28 14:56:50 $\");\n\n script_cve_id(\"CVE-2015-9100\", \"CVE-2015-9101\", \"CVE-2017-11720\", \"CVE-2017-13712\", \"CVE-2017-15019\", \"CVE-2017-9410\", \"CVE-2017-9411\", \"CVE-2017-9412\", \"CVE-2017-9869\", \"CVE-2017-9870\", \"CVE-2017-9871\", \"CVE-2017-9872\");\n\n script_name(english:\"openSUSE Security Update : lame (openSUSE-2018-214)\");\n script_summary(english:\"Check for the openSUSE-2018-214 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for lame fixes the following issues :\n\nLame was updated to version 3.100 :\n\n - Improved detection of MPEG audio data in RIFF WAVE\n files. sf#3545112 Invalid sampling detection\n\n - New switch --gain <decibel>, range -20.0 to +12.0, a\n more convenient way to apply Gain adjustment in\n decibels, than the use of --scale <factor>.\n\n - Fix for sf#3558466 Bug in path handling\n\n - Fix for sf#3567844 problem with Tag genre\n\n - Fix for sf#3565659 no progress indication with pipe\n input\n\n - Fix for sf#3544957 scale (empty) silent encode without\n warning\n\n - Fix for sf#3580176 environment variable LAMEOPT doesn't\n work anymore\n\n - Fix for sf#3608583 input file name displayed with wrong\n character encoding (on windows console with CP_UTF8)\n\n - Fix dereference NULL and Buffer not NULL terminated\n issues. (CVE-2017-15019 bsc#1082317 CVE-2017-13712\n bsc#1082399 CVE-2015-9100 bsc#1082401)\n\n - Fix dereference of a NULL pointer possible in loop.\n\n - Make sure functions with SSE instructions maintain their\n own properly aligned stack. Thanks to Fabian Greffrath\n\n - Multiple Stack and Heap Corruptions from Malicious File.\n (CVE-2017-9872 bsc#1082391 CVE-2017-9871 bsc#1082392\n CVE-2017-9870 bsc#1082393 CVE-2017-9869 bsc#1082395\n CVE-2017-9411 bsc#1082397 CVE-2015-9101 bsc#1082400)\n\n - CVE-2017-11720: Fix a division by zero vulnerability.\n (bsc#1082311)\n\n - CVE-2017-9410: Fix fill_buffer_resample function in\n libmp3lame/util.c heap-based buffer over-read and ap\n (bsc#1082333)\n\n - CVE-2017-9411: Fix fill_buffer_resample function in\n libmp3lame/util.c invalid memory read and application\n crash (bsc#1082397)\n\n - CVE-2017-9412: FIx unpack_read_samples function in\n frontend/get_audio.c invalid memory read and application\n crash (bsc#1082340)\n\n - Fix clip detect scale suggestion unaware of scale input\n value\n\n - HIP decoder bug fixed: decoding mixed blocks of lower\n sample frequency Layer3 data resulted in internal buffer\n overflow.\n\n - Add lame_encode_buffer_interleaved_int()\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082397\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082400\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082401\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lame packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lame\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lame-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lame-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lame-mp3rtp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lame-mp3rtp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmp3lame-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmp3lame0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmp3lame0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmp3lame0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmp3lame0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"lame-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"lame-debuginfo-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"lame-debugsource-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"lame-mp3rtp-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"lame-mp3rtp-debuginfo-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmp3lame-devel-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmp3lame0-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmp3lame0-debuginfo-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmp3lame0-32bit-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmp3lame0-debuginfo-32bit-3.100-7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lame / lame-debuginfo / lame-debugsource / lame-mp3rtp / etc\");\n}\n", "title": "openSUSE Security Update : lame (openSUSE-2018-214)", "type": "nessus", "viewCount": 5}, "differentElements": ["description"], "edition": 4, "lastseen": "2019-01-16T20:32:47"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:libmp3lame0", "p-cpe:/a:novell:opensuse:lame-mp3rtp", "p-cpe:/a:novell:opensuse:lame-debugsource", "p-cpe:/a:novell:opensuse:libmp3lame0-debuginfo", "p-cpe:/a:novell:opensuse:libmp3lame-devel", "p-cpe:/a:novell:opensuse:libmp3lame0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmp3lame0-32bit", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:lame-debuginfo", "p-cpe:/a:novell:opensuse:lame", "p-cpe:/a:novell:opensuse:lame-mp3rtp-debuginfo"], "cvelist": ["CVE-2017-9412", "CVE-2017-9411", "CVE-2017-9871", "CVE-2017-13712", "CVE-2017-9869", "CVE-2017-9410", "CVE-2017-15019", "CVE-2017-9870", "CVE-2017-11720", "CVE-2015-9100", "CVE-2017-9872", "CVE-2015-9101"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "This update for lame fixes the following issues :\n\nLame was updated to version 3.100 :\n\n - Improved detection of MPEG audio data in RIFF WAVE files. sf#3545112 Invalid sampling detection\n\n - New switch --gain <decibel>, range -20.0 to +12.0, a more convenient way to apply Gain adjustment in decibels, than the use of --scale <factor>.\n\n - Fix for sf#3558466 Bug in path handling\n\n - Fix for sf#3567844 problem with Tag genre\n\n - Fix for sf#3565659 no progress indication with pipe input\n\n - Fix for sf#3544957 scale (empty) silent encode without warning\n\n - Fix for sf#3580176 environment variable LAMEOPT doesn't work anymore\n\n - Fix for sf#3608583 input file name displayed with wrong character encoding (on windows console with CP_UTF8)\n\n - Fix dereference NULL and Buffer not NULL terminated issues. (CVE-2017-15019 bsc#1082317 CVE-2017-13712 bsc#1082399 CVE-2015-9100 bsc#1082401)\n\n - Fix dereference of a NULL pointer possible in loop.\n\n - Make sure functions with SSE instructions maintain their own properly aligned stack. Thanks to Fabian Greffrath\n\n - Multiple Stack and Heap Corruptions from Malicious File.\n (CVE-2017-9872 bsc#1082391 CVE-2017-9871 bsc#1082392 CVE-2017-9870 bsc#1082393 CVE-2017-9869 bsc#1082395 CVE-2017-9411 bsc#1082397 CVE-2015-9101 bsc#1082400)\n\n - CVE-2017-11720: Fix a division by zero vulnerability.\n (bsc#1082311)\n\n - CVE-2017-9410: Fix fill_buffer_resample function in libmp3lame/util.c heap-based buffer over-read and ap (bsc#1082333)\n\n - CVE-2017-9411: Fix fill_buffer_resample function in libmp3lame/util.c invalid memory read and application crash (bsc#1082397)\n\n - CVE-2017-9412: FIx unpack_read_samples function in frontend/get_audio.c invalid memory read and application crash (bsc#1082340)\n\n - Fix clip detect scale suggestion unaware of scale input value\n\n - HIP decoder bug fixed: decoding mixed blocks of lower sample frequency Layer3 data resulted in internal buffer overflow.\n\n - Add lame_encode_buffer_interleaved_int()", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "91a1acf0b8b18b1dde500367f47f26e461f2967bb5e4949ea2363c0af23e2466", "hashmap": [{"hash": "a76517cf8861591b7b1e8663190dc242", "key": "cvelist"}, {"hash": "b27f4ba91e2aab0a68a7cad706296df5", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "38fb48faf6d735f6f633fcfcd4caf5ac", "key": "modified"}, {"hash": "38fb48faf6d735f6f633fcfcd4caf5ac", "key": "published"}, {"hash": "c0e2c78f8a51445f183ed607f35ce68e", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "eb4243e554ade78485d2be1f4fa51bca", "key": "sourceData"}, {"hash": "ede674c3eba0aa4cad5331e4d2d2544b", "key": "href"}, {"hash": "af5c65d748f99690237753cf0a711810", "key": "references"}, {"hash": "f4911e16c49e4825558d320cb4b6fee3", "key": "description"}, {"hash": "da694ed114fb46863b53ec25828bab20", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=107048", "id": "OPENSUSE-2018-214.NASL", "lastseen": "2018-09-01T23:52:29", "modified": "2018-02-28T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "107048", "published": "2018-02-28T00:00:00", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=1082392", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082401", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082333", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082340", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082311", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082393", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082399", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082391", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082400", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082317", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082395", "https://bugzilla.opensuse.org/show_bug.cgi?id=1082397"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-214.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107048);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2018/02/28 14:56:50 $\");\n\n script_cve_id(\"CVE-2015-9100\", \"CVE-2015-9101\", \"CVE-2017-11720\", \"CVE-2017-13712\", \"CVE-2017-15019\", \"CVE-2017-9410\", \"CVE-2017-9411\", \"CVE-2017-9412\", \"CVE-2017-9869\", \"CVE-2017-9870\", \"CVE-2017-9871\", \"CVE-2017-9872\");\n\n script_name(english:\"openSUSE Security Update : lame (openSUSE-2018-214)\");\n script_summary(english:\"Check for the openSUSE-2018-214 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for lame fixes the following issues :\n\nLame was updated to version 3.100 :\n\n - Improved detection of MPEG audio data in RIFF WAVE\n files. sf#3545112 Invalid sampling detection\n\n - New switch --gain <decibel>, range -20.0 to +12.0, a\n more convenient way to apply Gain adjustment in\n decibels, than the use of --scale <factor>.\n\n - Fix for sf#3558466 Bug in path handling\n\n - Fix for sf#3567844 problem with Tag genre\n\n - Fix for sf#3565659 no progress indication with pipe\n input\n\n - Fix for sf#3544957 scale (empty) silent encode without\n warning\n\n - Fix for sf#3580176 environment variable LAMEOPT doesn't\n work anymore\n\n - Fix for sf#3608583 input file name displayed with wrong\n character encoding (on windows console with CP_UTF8)\n\n - Fix dereference NULL and Buffer not NULL terminated\n issues. (CVE-2017-15019 bsc#1082317 CVE-2017-13712\n bsc#1082399 CVE-2015-9100 bsc#1082401)\n\n - Fix dereference of a NULL pointer possible in loop.\n\n - Make sure functions with SSE instructions maintain their\n own properly aligned stack. Thanks to Fabian Greffrath\n\n - Multiple Stack and Heap Corruptions from Malicious File.\n (CVE-2017-9872 bsc#1082391 CVE-2017-9871 bsc#1082392\n CVE-2017-9870 bsc#1082393 CVE-2017-9869 bsc#1082395\n CVE-2017-9411 bsc#1082397 CVE-2015-9101 bsc#1082400)\n\n - CVE-2017-11720: Fix a division by zero vulnerability.\n (bsc#1082311)\n\n - CVE-2017-9410: Fix fill_buffer_resample function in\n libmp3lame/util.c heap-based buffer over-read and ap\n (bsc#1082333)\n\n - CVE-2017-9411: Fix fill_buffer_resample function in\n libmp3lame/util.c invalid memory read and application\n crash (bsc#1082397)\n\n - CVE-2017-9412: FIx unpack_read_samples function in\n frontend/get_audio.c invalid memory read and application\n crash (bsc#1082340)\n\n - Fix clip detect scale suggestion unaware of scale input\n value\n\n - HIP decoder bug fixed: decoding mixed blocks of lower\n sample frequency Layer3 data resulted in internal buffer\n overflow.\n\n - Add lame_encode_buffer_interleaved_int()\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082397\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082400\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082401\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lame packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lame\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lame-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lame-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lame-mp3rtp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lame-mp3rtp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmp3lame-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmp3lame0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmp3lame0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmp3lame0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmp3lame0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"lame-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"lame-debuginfo-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"lame-debugsource-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"lame-mp3rtp-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"lame-mp3rtp-debuginfo-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmp3lame-devel-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmp3lame0-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmp3lame0-debuginfo-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmp3lame0-32bit-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmp3lame0-debuginfo-32bit-3.100-7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lame / lame-debuginfo / lame-debugsource / lame-mp3rtp / etc\");\n}\n", "title": "openSUSE Security Update : lame (openSUSE-2018-214)", "type": "nessus", "viewCount": 5}, "differentElements": ["description"], "edition": 3, "lastseen": "2018-09-01T23:52:29"}], "edition": 5, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "da694ed114fb46863b53ec25828bab20"}, {"key": "cvelist", "hash": "a76517cf8861591b7b1e8663190dc242"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "f4911e16c49e4825558d320cb4b6fee3"}, {"key": "href", "hash": "ede674c3eba0aa4cad5331e4d2d2544b"}, {"key": "modified", "hash": "38fb48faf6d735f6f633fcfcd4caf5ac"}, {"key": "naslFamily", "hash": "71a40666da62ba38d22539c8277870c7"}, {"key": "pluginID", "hash": "c0e2c78f8a51445f183ed607f35ce68e"}, {"key": "published", "hash": "38fb48faf6d735f6f633fcfcd4caf5ac"}, {"key": "references", "hash": "af5c65d748f99690237753cf0a711810"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "eb4243e554ade78485d2be1f4fa51bca"}, {"key": "title", "hash": "b27f4ba91e2aab0a68a7cad706296df5"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "91a1acf0b8b18b1dde500367f47f26e461f2967bb5e4949ea2363c0af23e2466", "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "suse", "idList": ["OPENSUSE-SU-2018:0543-1", "OPENSUSE-SU-2018:0544-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310851711", "OPENVAS:1361412562310873799", "OPENVAS:1361412562310873552"]}, {"type": "cve", "idList": ["CVE-2017-9871", "CVE-2017-15019", "CVE-2017-9869", "CVE-2017-9872", "CVE-2017-9870", "CVE-2015-9100", "CVE-2017-13712", "CVE-2017-9410", "CVE-2017-9412", "CVE-2017-11720"]}, {"type": "exploitdb", "idList": ["EDB-ID:42390", "EDB-ID:42259", "EDB-ID:42258"]}, {"type": "zdt", "idList": ["1337DAY-ID-28202", "1337DAY-ID-28006"]}], "modified": "2019-02-21T01:36:57"}, "score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-214.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107048);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2018/02/28 14:56:50 $\");\n\n script_cve_id(\"CVE-2015-9100\", \"CVE-2015-9101\", \"CVE-2017-11720\", \"CVE-2017-13712\", \"CVE-2017-15019\", \"CVE-2017-9410\", \"CVE-2017-9411\", \"CVE-2017-9412\", \"CVE-2017-9869\", \"CVE-2017-9870\", \"CVE-2017-9871\", \"CVE-2017-9872\");\n\n script_name(english:\"openSUSE Security Update : lame (openSUSE-2018-214)\");\n script_summary(english:\"Check for the openSUSE-2018-214 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for lame fixes the following issues :\n\nLame was updated to version 3.100 :\n\n - Improved detection of MPEG audio data in RIFF WAVE\n files. sf#3545112 Invalid sampling detection\n\n - New switch --gain <decibel>, range -20.0 to +12.0, a\n more convenient way to apply Gain adjustment in\n decibels, than the use of --scale <factor>.\n\n - Fix for sf#3558466 Bug in path handling\n\n - Fix for sf#3567844 problem with Tag genre\n\n - Fix for sf#3565659 no progress indication with pipe\n input\n\n - Fix for sf#3544957 scale (empty) silent encode without\n warning\n\n - Fix for sf#3580176 environment variable LAMEOPT doesn't\n work anymore\n\n - Fix for sf#3608583 input file name displayed with wrong\n character encoding (on windows console with CP_UTF8)\n\n - Fix dereference NULL and Buffer not NULL terminated\n issues. (CVE-2017-15019 bsc#1082317 CVE-2017-13712\n bsc#1082399 CVE-2015-9100 bsc#1082401)\n\n - Fix dereference of a NULL pointer possible in loop.\n\n - Make sure functions with SSE instructions maintain their\n own properly aligned stack. Thanks to Fabian Greffrath\n\n - Multiple Stack and Heap Corruptions from Malicious File.\n (CVE-2017-9872 bsc#1082391 CVE-2017-9871 bsc#1082392\n CVE-2017-9870 bsc#1082393 CVE-2017-9869 bsc#1082395\n CVE-2017-9411 bsc#1082397 CVE-2015-9101 bsc#1082400)\n\n - CVE-2017-11720: Fix a division by zero vulnerability.\n (bsc#1082311)\n\n - CVE-2017-9410: Fix fill_buffer_resample function in\n libmp3lame/util.c heap-based buffer over-read and ap\n (bsc#1082333)\n\n - CVE-2017-9411: Fix fill_buffer_resample function in\n libmp3lame/util.c invalid memory read and application\n crash (bsc#1082397)\n\n - CVE-2017-9412: FIx unpack_read_samples function in\n frontend/get_audio.c invalid memory read and application\n crash (bsc#1082340)\n\n - Fix clip detect scale suggestion unaware of scale input\n value\n\n - HIP decoder bug fixed: decoding mixed blocks of lower\n sample frequency Layer3 data resulted in internal buffer\n overflow.\n\n - Add lame_encode_buffer_interleaved_int()\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082397\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082400\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082401\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lame packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lame\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lame-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lame-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lame-mp3rtp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lame-mp3rtp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmp3lame-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmp3lame0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmp3lame0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmp3lame0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmp3lame0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"lame-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"lame-debuginfo-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"lame-debugsource-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"lame-mp3rtp-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"lame-mp3rtp-debuginfo-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmp3lame-devel-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmp3lame0-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmp3lame0-debuginfo-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmp3lame0-32bit-3.100-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmp3lame0-debuginfo-32bit-3.100-7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lame / lame-debuginfo / lame-debugsource / lame-mp3rtp / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "107048", "cpe": ["p-cpe:/a:novell:opensuse:libmp3lame0", "p-cpe:/a:novell:opensuse:lame-mp3rtp", "p-cpe:/a:novell:opensuse:lame-debugsource", "p-cpe:/a:novell:opensuse:libmp3lame0-debuginfo", "p-cpe:/a:novell:opensuse:libmp3lame-devel", "p-cpe:/a:novell:opensuse:libmp3lame0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmp3lame0-32bit", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:lame-debuginfo", "p-cpe:/a:novell:opensuse:lame", "p-cpe:/a:novell:opensuse:lame-mp3rtp-debuginfo"], "scheme": null}
{"suse": [{"lastseen": "2018-02-26T15:20:44", "bulletinFamily": "unix", "description": "This update for lame fixes the following issues:\n\n Lame was updated to version 3.100:\n\n * Improved detection of MPEG audio data in RIFF WAVE files. sf#3545112\n Invalid sampling detection\n * New switch --gain <decibel>, range -20.0 to +12.0, a more convenient\n way to apply Gain adjustment in decibels, than the use of --scale\n <factor>.\n * Fix for sf#3558466 Bug in path handling\n * Fix for sf#3567844 problem with Tag genre\n * Fix for sf#3565659 no progress indication with pipe input\n * Fix for sf#3544957 scale (empty) silent encode without warning\n * Fix for sf#3580176 environment variable LAMEOPT doesn't work anymore\n * Fix for sf#3608583 input file name displayed with wrong character\n encoding (on windows console with CP_UTF8)\n * Fix dereference NULL and Buffer not NULL terminated issues.\n (CVE-2017-15019 bsc#1082317 CVE-2017-13712 bsc#1082399 CVE-2015-9100\n bsc#1082401)\n * Fix dereference of a null pointer possible in loop.\n * Make sure functions with SSE instructions maintain their own properly\n aligned stack. Thanks to Fabian Greffrath\n * Multiple Stack and Heap Corruptions from Malicious File.\n (CVE-2017-9872 bsc#1082391 CVE-2017-9871 bsc#1082392 CVE-2017-9870\n bsc#1082393 CVE-2017-9869 bsc#1082395 CVE-2017-9411 bsc#1082397\n CVE-2015-9101 bsc#1082400)\n * CVE-2017-11720: Fix a division by zero vulnerability. (bsc#1082311)\n * CVE-2017-9410: Fix fill_buffer_resample function in libmp3lame/util.c\n heap-based buffer over-read and ap (bsc#1082333)\n * CVE-2017-9411: Fix fill_buffer_resample function in libmp3lame/util.c\n invalid memory read and application crash (bsc#1082397)\n * CVE-2017-9412: FIx unpack_read_samples function in\n frontend/get_audio.c invalid memory read and application crash\n (bsc#1082340)\n * Fix clip detect scale suggestion unaware of scale input value\n * HIP decoder bug fixed: decoding mixed blocks of lower sample frequency\n Layer3 data resulted in internal buffer overflow.\n * Add lame_encode_buffer_interleaved_int()\n\n", "modified": "2018-02-26T12:07:51", "published": "2018-02-26T12:07:51", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00045.html", "id": "OPENSUSE-SU-2018:0543-1", "title": "Security update for lame (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-02-26T15:20:44", "bulletinFamily": "unix", "description": "This update for lame fixes the following issues:\n\n Lame was updated to version 3.100:\n\n * Improved detection of MPEG audio data in RIFF WAVE files. sf#3545112\n Invalid sampling detection\n * New switch --gain <decibel>, range -20.0 to +12.0, a more convenient\n way to apply Gain adjustment in decibels, than the use of --scale\n <factor>.\n * Fix for sf#3558466 Bug in path handling\n * Fix for sf#3567844 problem with Tag genre\n * Fix for sf#3565659 no progress indication with pipe input\n * Fix for sf#3544957 scale (empty) silent encode without warning\n * Fix for sf#3580176 environment variable LAMEOPT doesn't work anymore\n * Fix for sf#3608583 input file name displayed with wrong character\n encoding (on windows console with CP_UTF8)\n * Fix dereference NULL and Buffer not NULL terminated issues.\n (CVE-2017-15019 bsc#1082317 CVE-2017-13712 bsc#1082399 CVE-2015-9100\n bsc#1082401)\n * Fix dereference of a null pointer possible in loop.\n * Make sure functions with SSE instructions maintain their own properly\n aligned stack. Thanks to Fabian Greffrath\n * Multiple Stack and Heap Corruptions from Malicious File.\n (CVE-2017-9872 bsc#1082391 CVE-2017-9871 bsc#1082392 CVE-2017-9870\n bsc#1082393 CVE-2017-9869 bsc#1082395 CVE-2017-9411 bsc#1082397\n CVE-2015-9101 bsc#1082400)\n * CVE-2017-11720: Fix a division by zero vulnerability. (bsc#1082311)\n * CVE-2017-9410: Fix fill_buffer_resample function in libmp3lame/util.c\n heap-based buffer over-read and ap (bsc#1082333)\n * CVE-2017-9411: Fix fill_buffer_resample function in libmp3lame/util.c\n invalid memory read and application crash (bsc#1082397)\n * CVE-2017-9412: FIx unpack_read_samples function in\n frontend/get_audio.c invalid memory read and application crash\n (bsc#1082340)\n * Fix clip detect scale suggestion unaware of scale input value\n * HIP decoder bug fixed: decoding mixed blocks of lower sample frequency\n Layer3 data resulted in internal buffer overflow.\n * Add lame_encode_buffer_interleaved_int()\n\n", "modified": "2018-02-26T12:09:38", "published": "2018-02-26T12:09:38", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00046.html", "id": "OPENSUSE-SU-2018:0544-1", "title": "Security update for lame (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-11-23T15:03:23", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2018-02-27T00:00:00", "id": "OPENVAS:1361412562310851711", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851711", "title": "SuSE Update for lame openSUSE-SU-2018:0544-1 (lame)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2018_0544_1.nasl 12497 2018-11-23 08:28:21Z cfischer $\n#\n# SuSE Update for lame openSUSE-SU-2018:0544-1 (lame)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851711\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-27 08:15:45 +0100 (Tue, 27 Feb 2018)\");\n script_cve_id(\"CVE-2015-9100\", \"CVE-2015-9101\", \"CVE-2017-11720\", \"CVE-2017-13712\", \"CVE-2017-15019\", \"CVE-2017-9410\", \"CVE-2017-9411\", \"CVE-2017-9412\", \"CVE-2017-9869\", \"CVE-2017-9870\", \"CVE-2017-9871\", \"CVE-2017-9872\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for lame openSUSE-SU-2018:0544-1 (lame)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'lame'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This update for lame fixes the following issues:\n\n Lame was updated to version 3.100:\n\n * Improved detection of MPEG audio data in RIFF WAVE files. sf#3545112\n Invalid sampling detection\n\n * New switch --gain decibel, range -20.0 to +12.0, a more convenient\n way to apply Gain adjustment in decibels, than the use of --scale\n factor .\n\n * Fix for sf#3558466 Bug in path handling\n\n * Fix for sf#3567844 problem with Tag genre\n\n * Fix for sf#3565659 no progress indication with pipe input\n\n * Fix for sf#3544957 scale (empty) silent encode without warning\n\n * Fix for sf#3580176 environment variable LAMEOPT doesn't work anymore\n\n * Fix for sf#3608583 input file name displayed with wrong character\n encoding (on windows console with CP_UTF8)\n\n * Fix dereference NULL and Buffer not NULL terminated issues.\n (CVE-2017-15019 bsc#1082317 CVE-2017-13712 bsc#1082399 CVE-2015-9100\n bsc#1082401)\n\n * Fix dereference of a null pointer possible in loop.\n\n * Make sure functions with SSE instructions maintain their own properly\n aligned stack. Thanks to Fabian Greffrath\n\n * Multiple Stack and Heap Corruptions from Malicious File.\n (CVE-2017-9872 bsc#1082391 CVE-2017-9871 bsc#1082392 CVE-2017-9870\n bsc#1082393 CVE-2017-9869 bsc#1082395 CVE-2017-9411 bsc#1082397\n CVE-2015-9101 bsc#1082400)\n\n * CVE-2017-11720: Fix a division by zero vulnerability. (bsc#1082311)\n\n * CVE-2017-9410: Fix fill_buffer_resample function in libmp3lame/util.c\n heap-based buffer over-read and ap (bsc#1082333)\n\n * CVE-2017-9411: Fix fill_buffer_resample function in libmp3lame/util.c\n invalid memory read and application crash (bsc#1082397)\n\n * CVE-2017-9412: FIx unpack_read_samples function in\n frontend/get_audio.c invalid memory read and application crash\n (bsc#1082340)\n\n * Fix clip detect scale suggestion unaware of scale input value\n\n * HIP decoder bug fixed: decoding mixed blocks of lower sample frequency\n Layer3 data resulted in internal buffer overflow.\n\n * Add lame_encode_buffer_interleaved_int()\");\n script_tag(name:\"affected\", value:\"lame on openSUSE Leap 42.3\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:0544_1\");\n script_xref(name:\"URL\", value:\"http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00046.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSELeap42.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"lame\", rpm:\"lame~3.100~7.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lame-debuginfo\", rpm:\"lame-debuginfo~3.100~7.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lame-debugsource\", rpm:\"lame-debugsource~3.100~7.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lame-doc\", rpm:\"lame-doc~3.100~7.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lame-mp3rtp\", rpm:\"lame-mp3rtp~3.100~7.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lame-mp3rtp-debuginfo\", rpm:\"lame-mp3rtp-debuginfo~3.100~7.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmp3lame-devel\", rpm:\"libmp3lame-devel~3.100~7.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmp3lame0\", rpm:\"libmp3lame0~3.100~7.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmp3lame0-debuginfo\", rpm:\"libmp3lame0-debuginfo~3.100~7.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmp3lame0-32bit\", rpm:\"libmp3lame0-32bit~3.100~7.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmp3lame0-debuginfo-32bit\", rpm:\"libmp3lame0-debuginfo-32bit~3.100~7.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-03-18T14:30:26", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-11-23T00:00:00", "id": "OPENVAS:1361412562310873799", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873799", "title": "Fedora Update for lame FEDORA-2017-38830f1443", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_38830f1443_lame_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for lame FEDORA-2017-38830f1443\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873799\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-23 08:16:06 +0100 (Thu, 23 Nov 2017)\");\n script_cve_id(\"CVE-2015-9099\", \"CVE-2015-9100\", \"CVE-2017-11720\", \"CVE-2017-13712\",\n \"CVE-2017-15018\", \"CVE-2017-15019\", \"CVE-2017-15045\", \"CVE-2017-15046\",\n \"CVE-2017-9410\", \"CVE-2017-9411\", \"CVE-2017-9412\", \"CVE-2017-8419\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for lame FEDORA-2017-38830f1443\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'lame'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"lame on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-38830f1443\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JY6563Y6FVVZHSHQNEB55R4KSYZGV2LR\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"lame\", rpm:\"lame~3.100~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-03-18T14:30:16", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-11-02T00:00:00", "id": "OPENVAS:1361412562310873552", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873552", "title": "Fedora Update for lame FEDORA-2017-9c29af2c64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_9c29af2c64_lame_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for lame FEDORA-2017-9c29af2c64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873552\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-02 18:05:28 +0530 (Thu, 02 Nov 2017)\");\n script_cve_id(\"CVE-2015-9099\", \"CVE-2015-9100\", \"CVE-2017-11720\", \"CVE-2017-13712\",\n \"CVE-2017-15018\", \"CVE-2017-15019\", \"CVE-2017-15045\", \"CVE-2017-15046\",\n \"CVE-2017-9410\", \"CVE-2017-9411\", \"CVE-2017-9412\", \"CVE-2017-8419\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for lame FEDORA-2017-9c29af2c64\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'lame'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"lame on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-9c29af2c64\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4C44S3KMREUEPXI3KOGYZFGXUVVSHMV\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"lame\", rpm:\"lame~3.100~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2017-10-12T20:40:49", "bulletinFamily": "NVD", "description": "LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call.", "modified": "2017-10-12T10:19:32", "published": "2017-10-04T21:29:06", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15019", "id": "CVE-2017-15019", "title": "CVE-2017-15019", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-06-29T10:41:22", "bulletinFamily": "NVD", "description": "The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.", "modified": "2017-06-28T21:29:01", "published": "2017-06-25T15:29:00", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9871", "id": "CVE-2017-9871", "title": "CVE-2017-9871", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-08-31T17:16:34", "bulletinFamily": "NVD", "description": "There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file.", "modified": "2017-08-30T21:29:01", "published": "2017-07-28T10:29:00", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11720", "id": "CVE-2017-11720", "title": "CVE-2017-11720", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-08-12T10:43:41", "bulletinFamily": "NVD", "description": "The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file.", "modified": "2017-08-11T21:29:08", "published": "2017-07-27T02:29:00", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9412", "id": "CVE-2017-9412", "title": "CVE-2017-9412", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-08-12T10:43:41", "bulletinFamily": "NVD", "description": "The fill_buffer_resample function in libmp3lame/util.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file.", "modified": "2017-08-11T21:29:08", "published": "2017-07-27T02:29:00", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9411", "id": "CVE-2017-9411", "title": "CVE-2017-9411", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-09-02T12:16:57", "bulletinFamily": "NVD", "description": "NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument.", "modified": "2017-09-01T10:50:18", "published": "2017-08-28T15:29:01", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13712", "id": "CVE-2017-13712", "title": "CVE-2017-13712", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-08-12T10:43:42", "bulletinFamily": "NVD", "description": "The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.", "modified": "2017-08-11T21:29:08", "published": "2017-06-25T15:29:00", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9872", "id": "CVE-2017-9872", "title": "CVE-2017-9872", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-10T10:48:11", "bulletinFamily": "NVD", "description": "The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the \"block_type == 2\" case, a similar issue to CVE-2017-11126.", "modified": "2017-07-09T21:29:00", "published": "2017-06-25T15:29:00", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9870", "id": "CVE-2017-9870", "title": "CVE-2017-9870", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-06-29T10:40:39", "bulletinFamily": "NVD", "description": "The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.", "modified": "2017-06-28T09:51:36", "published": "2017-06-25T15:29:00", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9100", "id": "CVE-2015-9100", "title": "CVE-2015-9100", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-08-12T10:43:42", "bulletinFamily": "NVD", "description": "The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.", "modified": "2017-08-11T21:29:08", "published": "2017-06-25T15:29:00", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9869", "id": "CVE-2017-9869", "title": "CVE-2017-9869", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2017-07-28T23:42:30", "bulletinFamily": "exploit", "description": "LAME 3.99.5 - Multiple Vulnerabilities. CVE-2017-9410,CVE-2017-9411,CVE-2017-9412. Dos exploit for Linux platform. Tags: Denial of Service (DoS)", "modified": "2017-07-28T00:00:00", "published": "2017-07-28T00:00:00", "id": "EDB-ID:42390", "href": "https://www.exploit-db.com/exploits/42390/", "type": "exploitdb", "title": "LAME 3.99.5 - Multiple Vulnerabilities", "sourceData": "LAME multiple vulnerabilities\r\n================\r\nAuthor : qflb.wu\r\n===============\r\n\r\n\r\nIntroduction:\r\n=============\r\nFollowing the great history of GNU naming, LAME originally stood for LAME Ain't an Mp3 Encoder.\r\nLAME is an educational tool to be used for learning about MP3 encoding. The goal of the LAME project is to use the open source model to improve the psycho acoustics, noise shaping and speed of MP3.\r\n\r\n\r\nAffected version:\r\n=====\r\n3.99.5\r\n\r\n\r\nVulnerability Description:\r\n==========================\r\n1.\r\nthe fill_buffer_resample function in libmp3lame/util.c in LAME 3.99.5 can cause a denial of service(heap-buffer-overflow and application crash) via a crafted wav file.\r\n\r\n\r\n./lame lame_3.99.5_heap_buffer_overflow.wav out\r\n\r\n\r\n==26618==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60c000009f08 at pc 0x5f3a1e bp 0x7ffdfaf74620 sp 0x7ffdfaf74618\r\nREAD of size 4 at 0x60c000009f08 thread T0\r\n #0 0x5f3a1d in fill_buffer_resample /home/a/Downloads/lame-3.99.5/libmp3lame/util.c:606\r\n #1 0x5f3a1d in fill_buffer /home/a/Downloads/lame-3.99.5/libmp3lame/util.c:677\r\n #2 0x55257c in lame_encode_buffer_sample_t /home/a/Downloads/lame-3.99.5/libmp3lame/lame.c:1736\r\n #3 0x55257c in lame_encode_buffer_template /home/a/Downloads/lame-3.99.5/libmp3lame/lame.c:1891\r\n #4 0x553de1 in lame_encode_buffer_int /home/a/Downloads/lame-3.99.5/libmp3lame/lame.c:1963\r\n #5 0x488ba9 in lame_encoder_loop /home/a/Downloads/lame-3.99.5/frontend/lame_main.c:462\r\n #6 0x488ba9 in lame_encoder /home/a/Downloads/lame-3.99.5/frontend/lame_main.c:531\r\n #7 0x483c40 in lame_main /home/a/Downloads/lame-3.99.5/frontend/lame_main.c:707\r\n #8 0x48bee1 in c_main /home/a/Downloads/lame-3.99.5/frontend/main.c:470\r\n #9 0x48bee1 in main /home/a/Downloads/lame-3.99.5/frontend/main.c:438\r\n #10 0x7ff8c8771f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)\r\n #11 0x481a6c in _start (/home/a/Downloads/lame-3.99.5/frontend/lame+0x481a6c)\r\n\r\n\r\n0x60c000009f08 is located 8 bytes to the right of 128-byte region [0x60c000009e80,0x60c000009f00)\r\nallocated by thread T0 here:\r\n #0 0x46ba59 in calloc (/home/a/Downloads/lame-3.99.5/frontend/lame+0x46ba59)\r\n #1 0x5f1302 in fill_buffer_resample /home/a/Downloads/lame-3.99.5/libmp3lame/util.c:561\r\n #2 0x5f1302 in fill_buffer /home/a/Downloads/lame-3.99.5/libmp3lame/util.c:677\r\n\r\n\r\nSUMMARY: AddressSanitizer: heap-buffer-overflow /home/a/Downloads/lame-3.99.5/libmp3lame/util.c:606 fill_buffer_resample\r\nShadow bytes around the buggy address:\r\n 0x0c187fff9390: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa\r\n 0x0c187fff93a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n 0x0c187fff93b0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00\r\n 0x0c187fff93c0: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa\r\n 0x0c187fff93d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n=>0x0c187fff93e0: fa[fa]fa fa fa fa fa fa 00 00 00 00 00 00 00 00\r\n 0x0c187fff93f0: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa\r\n 0x0c187fff9400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n 0x0c187fff9410: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00\r\n 0x0c187fff9420: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa\r\n 0x0c187fff9430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\nShadow byte legend (one shadow byte represents 8 application bytes):\r\n Addressable: 00\r\n Partially addressable: 01 02 03 04 05 06 07 \r\n Heap left redzone: fa\r\n Heap right redzone: fb\r\n Freed heap region: fd\r\n Stack left redzone: f1\r\n Stack mid redzone: f2\r\n Stack right redzone: f3\r\n Stack partial redzone: f4\r\n Stack after return: f5\r\n Stack use after scope: f8\r\n Global redzone: f9\r\n Global init order: f6\r\n Poisoned by user: f7\r\n ASan internal: fe\r\n==26618==ABORTING\r\n\r\n\r\nPOC:\r\nlame_3.99.5_heap_buffer_overflow.wav\r\nCVE:\r\nCVE-2017-9410\r\n\r\n\r\n2.\r\nthe fill_buffer_resample function in libmp3lame/util.c in LAME 3.99.5 can cause a denial of service(invalid memory read and application crash) via a crafted wav file.\r\n\r\n\r\n./lame lame_3.99.5_invalid_memory_read_1.wav out\r\n\r\n\r\n==30841==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000005f24ed sp 0x7ffee94d3050 bp 0x000000000000 T0)\r\n #0 0x5f24ec in fill_buffer_resample /home/a/Downloads/lame-3.99.5/libmp3lame/util.c:608\r\n #1 0x5f24ec in fill_buffer /home/a/Downloads/lame-3.99.5/libmp3lame/util.c:677\r\n #2 0x55257c in lame_encode_buffer_sample_t /home/a/Downloads/lame-3.99.5/libmp3lame/lame.c:1736\r\n #3 0x55257c in lame_encode_buffer_template /home/a/Downloads/lame-3.99.5/libmp3lame/lame.c:1891\r\n #4 0x553de1 in lame_encode_buffer_int /home/a/Downloads/lame-3.99.5/libmp3lame/lame.c:1963\r\n #5 0x488ba9 in lame_encoder_loop /home/a/Downloads/lame-3.99.5/frontend/lame_main.c:462\r\n #6 0x488ba9 in lame_encoder /home/a/Downloads/lame-3.99.5/frontend/lame_main.c:531\r\n #7 0x483c40 in lame_main /home/a/Downloads/lame-3.99.5/frontend/lame_main.c:707\r\n #8 0x48bee1 in c_main /home/a/Downloads/lame-3.99.5/frontend/main.c:470\r\n #9 0x48bee1 in main /home/a/Downloads/lame-3.99.5/frontend/main.c:438\r\n #10 0x7f48b8cacf44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)\r\n #11 0x481a6c in _start (/home/a/Downloads/lame-3.99.5/frontend/lame+0x481a6c)\r\n\r\n\r\nAddressSanitizer can not provide additional info.\r\nSUMMARY: AddressSanitizer: SEGV /home/a/Downloads/lame-3.99.5/libmp3lame/util.c:608 fill_buffer_resample\r\n==30841==ABORTING\r\n\r\n\r\nPOC:\r\nlame_3.99.5_invalid_memory_read_1.wav\r\nCVE:\r\nCVE-2017-9411\r\n\r\n\r\n3.\r\nthe unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 can cause a denial of service(invalid memory read and application crash) via a crafted wav file.\r\n\r\n\r\n./lame lame_3.99.5_invalid_memory_read_2.wav out\r\n\r\n\r\n(gdb) r\r\nStarting program: lame file out\r\n[Thread debugging using libthread_db enabled]\r\nUsing host libthread_db library \"/lib/i386-linux-gnu/libthread_db.so.1\".\r\n\r\n\r\nProgram received signal SIGSEGV, Segmentation fault.\r\n0x080f27b3 in unpack_read_samples (samples_to_read=-146880, \r\n bytes_per_sample=<optimized out>, swap_order=-2088828928, \r\n pcm_in=0xb6303d80, sample_buffer=<optimized out>) at get_audio.c:1204\r\n1204 GA_URS_IFLOOP(1)\r\n(gdb) disassemble 0x080f27b3,0x080f27ff\r\nDump of assembler code from 0x80f27b3 to 0x80f27ff:\r\n=> 0x080f27b3 <get_audio_common+4051>:mov 0x20000000(%eax),%al\r\n 0x080f27b9 <get_audio_common+4057>:test %al,%al\r\n 0x080f27bb <get_audio_common+4059>:je 0x80f27d0 <get_audio_common+4080>\r\n 0x080f27bd <get_audio_common+4061>:mov $0x8320b78,%edx\r\n 0x080f27c2 <get_audio_common+4066>:and $0x7,%edx\r\n 0x080f27c5 <get_audio_common+4069>:add $0x3,%edx\r\n 0x080f27c8 <get_audio_common+4072>:cmp %al,%dl\r\n 0x080f27ca <get_audio_common+4074>:jge 0x80f6715 <get_audio_common+20277>\r\n 0x080f27d0 <get_audio_common+4080>:xor $0xf879,%ebx\r\n 0x080f27d6 <get_audio_common+4086>:add 0x8320b78,%ebx\r\n 0x080f27dc <get_audio_common+4092>:mov %ebx,%eax\r\n 0x080f27de <get_audio_common+4094>:shr $0x3,%eax\r\n 0x080f27e1 <get_audio_common+4097>:mov 0x20000000(%eax),%al\r\n 0x080f27e7 <get_audio_common+4103>:test %al,%al\r\n 0x080f27e9 <get_audio_common+4105>:je 0x80f27f8 <get_audio_common+4120>\r\n 0x080f27eb <get_audio_common+4107>:mov %ebx,%edx\r\n 0x080f27ed <get_audio_common+4109>:and $0x7,%edx\r\n 0x080f27f0 <get_audio_common+4112>:cmp %al,%dl\r\n 0x080f27f2 <get_audio_common+4114>:jge 0x80f6727 <get_audio_common+20295---Type <return> to continue, or q <return> to quit---\r\n 0x080f27f8 <get_audio_common+4120>:incb (%ebx)\r\n 0x080f27fa <get_audio_common+4122>:movl $0x7c3c,%gs%edi)\r\nEnd of assembler dump.\r\n(gdb) i r\r\neax 0x837f0000-2088828928\r\necx 0x24489288\r\nedx 0xbfee5e20-1074897376\r\nebx 0x7c3c31804\r\nesp 0xbfee4c200xbfee4c20\r\nebp 0xbfee82780xbfee8278\r\nesi 0xfffffcf2-782\r\nedi 0xfffffffc-4\r\neip 0x80f27b30x80f27b3 <get_audio_common+4051>\r\neflags 0x10246[ PF ZF IF RF ]\r\ncs 0x73115\r\nss 0x7b123\r\nds 0x7b123\r\nes 0x7b123\r\nfs 0x00\r\ngs 0x3351\r\n(gdb) x/20x 0x837f0000\r\n0x837f0000:Cannot access memory at address 0x837f0000\r\n\r\n\r\nPOC:\r\nlame_3.99.5_invalid_memory_read_2.wav\r\nCVE:\r\nCVE-2017-9412\r\n\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/42390.zip\r\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/42390/"}, {"lastseen": "2017-06-27T02:15:14", "bulletinFamily": "exploit", "description": "LAME 3.99.5 - 'III_dequantize_sample' Stack-Based Buffer Overflow. CVE-2017-9872. Dos exploit for Linux platform. Tags: Denial of Service (DoS)", "modified": "2017-06-26T00:00:00", "published": "2017-06-26T00:00:00", "id": "EDB-ID:42259", "href": "https://www.exploit-db.com/exploits/42259/", "type": "exploitdb", "title": "LAME 3.99.5 - 'III_dequantize_sample' Stack-Based Buffer Overflow", "sourceData": "Description:\r\nlame is a high quality MPEG Audio Layer III (MP3) encoder licensed under the LGPL.\r\n\r\nFew notes before the details of this bug. Time ago a fuzz was done by Brian Carpenter and Jakub Wilk which posted the results on the debian bugtracker. In cases like this, when upstream is not active and people do not post on the upstream bugzilla is easy discover duplicates, so I downloaded all available testcases, and noone of the bug you will see on my blog is a duplicate of an existing issue. Upstream seems a bit dead, latest release was into 2011, so this blog post will probably forwarded on the upstream bugtracker just for the record.\r\n\r\nThe complete ASan output of the issue:\r\n\r\n# lame -f -V 9 $FILE out.wav\r\n==30801==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffe82a515a0 at pc 0x7f56d24c9df7 bp 0x7ffe82a4ffb0 sp 0x7ffe82a4ffa8\r\nWRITE of size 4 at 0x7ffe82a515a0 thread T0\r\n #0 0x7f56d24c9df6 in III_dequantize_sample /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/mpglib/layer3.c\r\n #1 0x7f56d24a664f in decode_layer3_frame /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/mpglib/layer3.c:1738:17\r\n #2 0x7f56d24733ca in decodeMP3_clipchoice /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/mpglib/interface.c:615:13\r\n #3 0x7f56d2470c13 in decodeMP3 /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/mpglib/interface.c:696:12\r\n #4 0x7f56d2431092 in decode1_headersB_clipchoice /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/libmp3lame/mpglib_interface.c:149:11\r\n #5 0x7f56d243694a in hip_decode1_headersB /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/libmp3lame/mpglib_interface.c:436:16\r\n #6 0x7f56d243694a in hip_decode1_headers /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/libmp3lame/mpglib_interface.c:379\r\n #7 0x51e984 in lame_decode_fromfile /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/frontend/get_audio.c:2089:11\r\n #8 0x51e984 in read_samples_mp3 /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/frontend/get_audio.c:877\r\n #9 0x51e984 in get_audio_common /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/frontend/get_audio.c:785\r\n #10 0x51e4fa in get_audio /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/frontend/get_audio.c:688:16\r\n #11 0x50f776 in lame_encoder_loop /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/frontend/lame_main.c:456:17\r\n #12 0x50f776 in lame_encoder /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/frontend/lame_main.c:531\r\n #13 0x50c43f in lame_main /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/frontend/lame_main.c:707:15\r\n #14 0x510793 in c_main /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/frontend/main.c:470:15\r\n #15 0x510793 in main /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/frontend/main.c:438\r\n #16 0x7f56d1029680 in __libc_start_main /tmp/portage/sys-libs/glibc-2.23-r3/work/glibc-2.23/csu/../csu/libc-start.c:289\r\n #17 0x41c998 in _init (/usr/bin/lame+0x41c998)\r\n\r\nAddress 0x7ffe82a515a0 is located in stack of thread T0 at offset 5024 in frame\r\n #0 0x7f56d24a548f in decode_layer3_frame /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/mpglib/layer3.c:1659\r\n\r\n This frame has 4 object(s):\r\n [32, 344) 'scalefacs'\r\n [416, 5024) 'hybridIn' 0x1000505422b0: 00 00 00 00[f2]f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2\r\n 0x1000505422c0: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2\r\n 0x1000505422d0: f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00 00\r\n 0x1000505422e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n 0x1000505422f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n 0x100050542300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\nShadow byte legend (one shadow byte represents 8 application bytes):\r\n Addressable: 00\r\n Partially addressable: 01 02 03 04 05 06 07 \r\n Heap left redzone: fa\r\n Freed heap region: fd\r\n Stack left redzone: f1\r\n Stack mid redzone: f2\r\n Stack right redzone: f3\r\n Stack after return: f5\r\n Stack use after scope: f8\r\n Global redzone: f9\r\n Global init order: f6\r\n Poisoned by user: f7\r\n Container overflow: fc\r\n Array cookie: ac\r\n Intra object redzone: bb\r\n ASan internal: fe\r\n Left alloca redzone: ca\r\n Right alloca redzone: cb\r\n==30801==ABORTING\r\nAffected version:\r\n3.99.5\r\n\r\nFixed version:\r\nN/A\r\n\r\nCommit fix:\r\nN/A\r\n\r\nCredit:\r\nThis bug was discovered by Agostino Sarubbo of Gentoo.\r\n\r\nCVE:\r\nN/A\r\n\r\nReproducer:\r\nhttps://github.com/asarubbo/poc/blob/master/00294-lame-stackoverflow-III_dequantize_sample\r\n\r\nTimeline:\r\n2017-06-01: bug discovered\r\n2017-06-17: blog post about the issue\r\n\r\nNote:\r\nThis bug was found with American Fuzzy Lop.\r\n\r\nPermalink:\r\nhttps://blogs.gentoo.org/ago/2017/06/17/lame-stack-based-buffer-overflow-in-iii_dequantize_sample-layer3-c\r\n\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/42259.zip\r\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/42259/"}, {"lastseen": "2017-06-26T22:15:18", "bulletinFamily": "exploit", "description": "LAME 3.99.5 - 'II_step_one' Buffer Overflow. CVE-2017-9869. Dos exploit for Linux platform. Tags: Denial of Service (DoS)", "modified": "2017-06-26T00:00:00", "published": "2017-06-26T00:00:00", "id": "EDB-ID:42258", "href": "https://www.exploit-db.com/exploits/42258/", "type": "exploitdb", "title": "LAME 3.99.5 - 'II_step_one' Buffer Overflow", "sourceData": "Description:\r\nlame is a high quality MPEG Audio Layer III (MP3) encoder licensed under the LGPL.\r\n\r\nFew notes before the details of this bug. Time ago a fuzz was done by Brian Carpenter and Jakub Wilk which posted the results on the debian bugtracker. In cases like this, when upstream is not active and people do not post on the upstream bugzilla is easy discover duplicates, so I downloaded all available testcases, and noone of the bug you will see on my blog is a duplicate of an existing issue. Upstream seems a bit dead, latest release was into 2011, so this blog post will probably forwarded on the upstream bugtracker just for the record.\r\n\r\nThe complete ASan output of the issue:\r\n\r\n# lame -f -V 9 $FILE out.wav\r\n==27479==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f598d317f20 at pc 0x7f598d2b246b bp 0x7ffe780cf310 sp 0x7ffe780cf308\r\nREAD of size 2 at 0x7f598d317f20 thread T0\r\n #0 0x7f598d2b246a in II_step_one /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/mpglib/layer2.c:144:36\r\n #1 0x7f598d2b246a in decode_layer2_frame /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/mpglib/layer2.c:375\r\n #2 0x7f598d29b377 in decodeMP3_clipchoice /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/mpglib/interface.c:611:13\r\n #3 0x7f598d298c13 in decodeMP3 /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/mpglib/interface.c:696:12\r\n #4 0x7f598d259092 in decode1_headersB_clipchoice /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/libmp3lame/mpglib_interface.c:149:11\r\n #5 0x7f598d25e94a in hip_decode1_headersB /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/libmp3lame/mpglib_interface.c:436:16\r\n #6 0x7f598d25e94a in hip_decode1_headers /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/libmp3lame/mpglib_interface.c:379\r\n #7 0x51e984 in lame_decode_fromfile /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/frontend/get_audio.c:2089:11\r\n #8 0x51e984 in read_samples_mp3 /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/frontend/get_audio.c:877\r\n #9 0x51e984 in get_audio_common /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/frontend/get_audio.c:785\r\n #10 0x51e4fa in get_audio /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/frontend/get_audio.c:688:16\r\n #11 0x50f776 in lame_encoder_loop /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/frontend/lame_main.c:456:17\r\n #12 0x50f776 in lame_encoder /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/frontend/lame_main.c:531\r\n #13 0x50c43f in lame_main /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/frontend/lame_main.c:707:15\r\n #14 0x510793 in c_main /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/frontend/main.c:470:15\r\n #15 0x510793 in main /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/frontend/main.c:438\r\n #16 0x7f598be51680 in __libc_start_main /tmp/portage/sys-libs/glibc-2.23-r3/work/glibc-2.23/csu/../csu/libc-start.c:289\r\n #17 0x41c998 in _init (/usr/bin/lame+0x41c998)\r\n\r\n0x7f598d317f20 is located 0 bytes to the right of global variable 'alloc_2' defined in '/var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/mpglib/l2tables.h:118:24' (0x7f598d317de0) of size 320\r\nSUMMARY: AddressSanitizer: global-buffer-overflow /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/mpglib/layer2.c:144:36 in II_step_one\r\nShadow bytes around the buggy address:\r\n 0x0febb1a5af90: 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9\r\n 0x0febb1a5afa0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9\r\n 0x0febb1a5afb0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 00 00 00 00\r\n 0x0febb1a5afc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n 0x0febb1a5afd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n=>0x0febb1a5afe0: 00 00 00 00[f9]f9 f9 f9 f9 f9 f9 f9 00 00 00 00\r\n 0x0febb1a5aff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n 0x0febb1a5b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n 0x0febb1a5b010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n 0x0febb1a5b020: 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9\r\n 0x0febb1a5b030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\nShadow byte legend (one shadow byte represents 8 application bytes):\r\n Addressable: 00\r\n Partially addressable: 01 02 03 04 05 06 07 \r\n Heap left redzone: fa\r\n Freed heap region: fd\r\n Stack left redzone: f1\r\n Stack mid redzone: f2\r\n Stack right redzone: f3\r\n Stack after return: f5\r\n Stack use after scope: f8\r\n Global redzone: f9\r\n Global init order: f6\r\n Poisoned by user: f7\r\n Container overflow: fc\r\n Array cookie: ac\r\n Intra object redzone: bb\r\n ASan internal: fe\r\n Left alloca redzone: ca\r\n Right alloca redzone: cb\r\n==27479==ABORTING\r\nAffected version:\r\n3.99.5\r\n\r\nFixed version:\r\nN/A\r\n\r\nCommit fix:\r\nN/A\r\n\r\nCredit:\r\nThis bug was discovered by Agostino Sarubbo of Gentoo.\r\n\r\nCVE:\r\nN/A\r\n\r\nReproducer:\r\nhttps://github.com/asarubbo/poc/blob/master/00290-lame-globaloverflow-II_step_one\r\n\r\nTimeline:\r\n2017-06-01: bug discovered\r\n2017-06-17: blog post about the issue\r\n\r\nNote:\r\nThis bug was found with American Fuzzy Lop.\r\n\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/42258.zip\r\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/42258/"}], "zdt": [{"lastseen": "2018-03-06T01:39:05", "bulletinFamily": "exploit", "description": "Exploit for linux platform in category dos / poc", "modified": "2017-07-28T00:00:00", "published": "2017-07-28T00:00:00", "href": "https://0day.today/exploit/description/28202", "id": "1337DAY-ID-28202", "title": "LAME 3.99.5 - Multiple Vulnerabilities", "type": "zdt", "sourceData": "LAME multiple vulnerabilities\r\n================\r\nAuthor : qflb.wu\r\n===============\r\n \r\n \r\nIntroduction:\r\n=============\r\nFollowing the great history of GNU naming, LAME originally stood for LAME Ain't an Mp3 Encoder.\r\nLAME is an educational tool to be used for learning about MP3 encoding. The goal of the LAME project is to use the open source model to improve the psycho acoustics, noise shaping and speed of MP3.\r\n \r\n \r\nAffected version:\r\n=====\r\n3.99.5\r\n \r\n \r\nVulnerability Description:\r\n==========================\r\n1.\r\nthe fill_buffer_resample function in libmp3lame/util.c in LAME 3.99.5 can cause a denial of service(heap-buffer-overflow and application crash) via a crafted wav file.\r\n \r\n \r\n./lame lame_3.99.5_heap_buffer_overflow.wav out\r\n \r\n \r\n==26618==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60c000009f08 at pc 0x5f3a1e bp 0x7ffdfaf74620 sp 0x7ffdfaf74618\r\nREAD of size 4 at 0x60c000009f08 thread T0\r\n #0 0x5f3a1d in fill_buffer_resample /home/a/Downloads/lame-3.99.5/libmp3lame/util.c:606\r\n #1 0x5f3a1d in fill_buffer /home/a/Downloads/lame-3.99.5/libmp3lame/util.c:677\r\n #2 0x55257c in lame_encode_buffer_sample_t /home/a/Downloads/lame-3.99.5/libmp3lame/lame.c:1736\r\n #3 0x55257c in lame_encode_buffer_template /home/a/Downloads/lame-3.99.5/libmp3lame/lame.c:1891\r\n #4 0x553de1 in lame_encode_buffer_int /home/a/Downloads/lame-3.99.5/libmp3lame/lame.c:1963\r\n #5 0x488ba9 in lame_encoder_loop /home/a/Downloads/lame-3.99.5/frontend/lame_main.c:462\r\n #6 0x488ba9 in lame_encoder /home/a/Downloads/lame-3.99.5/frontend/lame_main.c:531\r\n #7 0x483c40 in lame_main /home/a/Downloads/lame-3.99.5/frontend/lame_main.c:707\r\n #8 0x48bee1 in c_main /home/a/Downloads/lame-3.99.5/frontend/main.c:470\r\n #9 0x48bee1 in main /home/a/Downloads/lame-3.99.5/frontend/main.c:438\r\n #10 0x7ff8c8771f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)\r\n #11 0x481a6c in _start (/home/a/Downloads/lame-3.99.5/frontend/lame+0x481a6c)\r\n \r\n \r\n0x60c000009f08 is located 8 bytes to the right of 128-byte region [0x60c000009e80,0x60c000009f00)\r\nallocated by thread T0 here:\r\n #0 0x46ba59 in calloc (/home/a/Downloads/lame-3.99.5/frontend/lame+0x46ba59)\r\n #1 0x5f1302 in fill_buffer_resample /home/a/Downloads/lame-3.99.5/libmp3lame/util.c:561\r\n #2 0x5f1302 in fill_buffer /home/a/Downloads/lame-3.99.5/libmp3lame/util.c:677\r\n \r\n \r\nSUMMARY: AddressSanitizer: heap-buffer-overflow /home/a/Downloads/lame-3.99.5/libmp3lame/util.c:606 fill_buffer_resample\r\nShadow bytes around the buggy address:\r\n 0x0c187fff9390: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa\r\n 0x0c187fff93a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n 0x0c187fff93b0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00\r\n 0x0c187fff93c0: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa\r\n 0x0c187fff93d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n=>0x0c187fff93e0: fa[fa]fa fa fa fa fa fa 00 00 00 00 00 00 00 00\r\n 0x0c187fff93f0: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa\r\n 0x0c187fff9400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n 0x0c187fff9410: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00\r\n 0x0c187fff9420: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa\r\n 0x0c187fff9430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\nShadow byte legend (one shadow byte represents 8 application bytes):\r\n Addressable: 00\r\n Partially addressable: 01 02 03 04 05 06 07 \r\n Heap left redzone: fa\r\n Heap right redzone: fb\r\n Freed heap region: fd\r\n Stack left redzone: f1\r\n Stack mid redzone: f2\r\n Stack right redzone: f3\r\n Stack partial redzone: f4\r\n Stack after return: f5\r\n Stack use after scope: f8\r\n Global redzone: f9\r\n Global init order: f6\r\n Poisoned by user: f7\r\n ASan internal: fe\r\n==26618==ABORTING\r\n \r\n \r\nPOC:\r\nlame_3.99.5_heap_buffer_overflow.wav\r\nCVE:\r\nCVE-2017-9410\r\n \r\n \r\n2.\r\nthe fill_buffer_resample function in libmp3lame/util.c in LAME 3.99.5 can cause a denial of service(invalid memory read and application crash) via a crafted wav file.\r\n \r\n \r\n./lame lame_3.99.5_invalid_memory_read_1.wav out\r\n \r\n \r\n==30841==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000005f24ed sp 0x7ffee94d3050 bp 0x000000000000 T0)\r\n #0 0x5f24ec in fill_buffer_resample /home/a/Downloads/lame-3.99.5/libmp3lame/util.c:608\r\n #1 0x5f24ec in fill_buffer /home/a/Downloads/lame-3.99.5/libmp3lame/util.c:677\r\n #2 0x55257c in lame_encode_buffer_sample_t /home/a/Downloads/lame-3.99.5/libmp3lame/lame.c:1736\r\n #3 0x55257c in lame_encode_buffer_template /home/a/Downloads/lame-3.99.5/libmp3lame/lame.c:1891\r\n #4 0x553de1 in lame_encode_buffer_int /home/a/Downloads/lame-3.99.5/libmp3lame/lame.c:1963\r\n #5 0x488ba9 in lame_encoder_loop /home/a/Downloads/lame-3.99.5/frontend/lame_main.c:462\r\n #6 0x488ba9 in lame_encoder /home/a/Downloads/lame-3.99.5/frontend/lame_main.c:531\r\n #7 0x483c40 in lame_main /home/a/Downloads/lame-3.99.5/frontend/lame_main.c:707\r\n #8 0x48bee1 in c_main /home/a/Downloads/lame-3.99.5/frontend/main.c:470\r\n #9 0x48bee1 in main /home/a/Downloads/lame-3.99.5/frontend/main.c:438\r\n #10 0x7f48b8cacf44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)\r\n #11 0x481a6c in _start (/home/a/Downloads/lame-3.99.5/frontend/lame+0x481a6c)\r\n \r\n \r\nAddressSanitizer can not provide additional info.\r\nSUMMARY: AddressSanitizer: SEGV /home/a/Downloads/lame-3.99.5/libmp3lame/util.c:608 fill_buffer_resample\r\n==30841==ABORTING\r\n \r\n \r\nPOC:\r\nlame_3.99.5_invalid_memory_read_1.wav\r\nCVE:\r\nCVE-2017-9411\r\n \r\n \r\n3.\r\nthe unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 can cause a denial of service(invalid memory read and application crash) via a crafted wav file.\r\n \r\n \r\n./lame lame_3.99.5_invalid_memory_read_2.wav out\r\n \r\n \r\n(gdb) r\r\nStarting program: lame file out\r\n[Thread debugging using libthread_db enabled]\r\nUsing host libthread_db library \"/lib/i386-linux-gnu/libthread_db.so.1\".\r\n \r\n \r\nProgram received signal SIGSEGV, Segmentation fault.\r\n0x080f27b3 in unpack_read_samples (samples_to_read=-146880, \r\n bytes_per_sample=<optimized out>, swap_order=-2088828928, \r\n pcm_in=0xb6303d80, sample_buffer=<optimized out>) at get_audio.c:1204\r\n1204 GA_URS_IFLOOP(1)\r\n(gdb) disassemble 0x080f27b3,0x080f27ff\r\nDump of assembler code from 0x80f27b3 to 0x80f27ff:\r\n=> 0x080f27b3 <get_audio_common+4051>:mov 0x20000000(%eax),%al\r\n 0x080f27b9 <get_audio_common+4057>:test %al,%al\r\n 0x080f27bb <get_audio_common+4059>:je 0x80f27d0 <get_audio_common+4080>\r\n 0x080f27bd <get_audio_common+4061>:mov $0x8320b78,%edx\r\n 0x080f27c2 <get_audio_common+4066>:and $0x7,%edx\r\n 0x080f27c5 <get_audio_common+4069>:add $0x3,%edx\r\n 0x080f27c8 <get_audio_common+4072>:cmp %al,%dl\r\n 0x080f27ca <get_audio_common+4074>:jge 0x80f6715 <get_audio_common+20277>\r\n 0x080f27d0 <get_audio_common+4080>:xor $0xf879,%ebx\r\n 0x080f27d6 <get_audio_common+4086>:add 0x8320b78,%ebx\r\n 0x080f27dc <get_audio_common+4092>:mov %ebx,%eax\r\n 0x080f27de <get_audio_common+4094>:shr $0x3,%eax\r\n 0x080f27e1 <get_audio_common+4097>:mov 0x20000000(%eax),%al\r\n 0x080f27e7 <get_audio_common+4103>:test %al,%al\r\n 0x080f27e9 <get_audio_common+4105>:je 0x80f27f8 <get_audio_common+4120>\r\n 0x080f27eb <get_audio_common+4107>:mov %ebx,%edx\r\n 0x080f27ed <get_audio_common+4109>:and $0x7,%edx\r\n 0x080f27f0 <get_audio_common+4112>:cmp %al,%dl\r\n 0x080f27f2 <get_audio_common+4114>:jge 0x80f6727 <get_audio_common+20295---Type <return> to continue, or q <return> to quit---\r\n 0x080f27f8 <get_audio_common+4120>:incb (%ebx)\r\n 0x080f27fa <get_audio_common+4122>:movl $0x7c3c,%gs%edi)\r\nEnd of assembler dump.\r\n(gdb) i r\r\neax 0x837f0000-2088828928\r\necx 0x24489288\r\nedx 0xbfee5e20-1074897376\r\nebx 0x7c3c31804\r\nesp 0xbfee4c200xbfee4c20\r\nebp 0xbfee82780xbfee8278\r\nesi 0xfffffcf2-782\r\nedi 0xfffffffc-4\r\neip 0x80f27b30x80f27b3 <get_audio_common+4051>\r\neflags 0x10246[ PF ZF IF RF ]\r\ncs 0x73115\r\nss 0x7b123\r\nds 0x7b123\r\nes 0x7b123\r\nfs 0x00\r\ngs 0x3351\r\n(gdb) x/20x 0x837f0000\r\n0x837f0000:Cannot access memory at address 0x837f0000\r\n \r\n \r\nPOC:\r\nlame_3.99.5_invalid_memory_read_2.wav\r\nCVE:\r\nCVE-2017-9412\r\n \r\n \r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/42390.zip\n\n# 0day.today [2018-03-05] #", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://0day.today/exploit/28202"}, {"lastseen": "2018-04-13T07:47:56", "bulletinFamily": "exploit", "description": "Exploit for linux platform in category dos / poc", "modified": "2017-06-26T00:00:00", "published": "2017-06-26T00:00:00", "href": "https://0day.today/exploit/description/28006", "id": "1337DAY-ID-28006", "type": "zdt", "title": "LAME 3.99.5 - II_step_one Buffer Overflow Exploit", "sourceData": "Description:\r\nlame is a high quality MPEG Audio Layer III (MP3) encoder licensed under the LGPL.\r\n \r\nFew notes before the details of this bug. Time ago a fuzz was done by Brian Carpenter and Jakub Wilk which posted the results on the debian bugtracker. In cases like this, when upstream is not active and people do not post on the upstream bugzilla is easy discover duplicates, so I downloaded all available testcases, and noone of the bug you will see on my blog is a duplicate of an existing issue. Upstream seems a bit dead, latest release was into 2011, so this blog post will probably forwarded on the upstream bugtracker just for the record.\r\n \r\nThe complete ASan output of the issue:\r\n \r\n# lame -f -V 9 $FILE out.wav\r\n==27479==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f598d317f20 at pc 0x7f598d2b246b bp 0x7ffe780cf310 sp 0x7ffe780cf308\r\nREAD of size 2 at 0x7f598d317f20 thread T0\r\n #0 0x7f598d2b246a in II_step_one /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/mpglib/layer2.c:144:36\r\n #1 0x7f598d2b246a in decode_layer2_frame /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/mpglib/layer2.c:375\r\n #2 0x7f598d29b377 in decodeMP3_clipchoice /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/mpglib/interface.c:611:13\r\n #3 0x7f598d298c13 in decodeMP3 /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/mpglib/interface.c:696:12\r\n #4 0x7f598d259092 in decode1_headersB_clipchoice /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/libmp3lame/mpglib_interface.c:149:11\r\n #5 0x7f598d25e94a in hip_decode1_headersB /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/libmp3lame/mpglib_interface.c:436:16\r\n #6 0x7f598d25e94a in hip_decode1_headers /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/libmp3lame/mpglib_interface.c:379\r\n #7 0x51e984 in lame_decode_fromfile /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/frontend/get_audio.c:2089:11\r\n #8 0x51e984 in read_samples_mp3 /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/frontend/get_audio.c:877\r\n #9 0x51e984 in get_audio_common /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/frontend/get_audio.c:785\r\n #10 0x51e4fa in get_audio /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/frontend/get_audio.c:688:16\r\n #11 0x50f776 in lame_encoder_loop /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/frontend/lame_main.c:456:17\r\n #12 0x50f776 in lame_encoder /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/frontend/lame_main.c:531\r\n #13 0x50c43f in lame_main /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/frontend/lame_main.c:707:15\r\n #14 0x510793 in c_main /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/frontend/main.c:470:15\r\n #15 0x510793 in main /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/frontend/main.c:438\r\n #16 0x7f598be51680 in __libc_start_main /tmp/portage/sys-libs/glibc-2.23-r3/work/glibc-2.23/csu/../csu/libc-start.c:289\r\n #17 0x41c998 in _init (/usr/bin/lame+0x41c998)\r\n \r\n0x7f598d317f20 is located 0 bytes to the right of global variable 'alloc_2' defined in '/var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/mpglib/l2tables.h:118:24' (0x7f598d317de0) of size 320\r\nSUMMARY: AddressSanitizer: global-buffer-overflow /var/tmp/portage/media-sound/lame-3.99.5-r1/work/lame-3.99.5/mpglib/layer2.c:144:36 in II_step_one\r\nShadow bytes around the buggy address:\r\n 0x0febb1a5af90: 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9\r\n 0x0febb1a5afa0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9\r\n 0x0febb1a5afb0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 00 00 00 00\r\n 0x0febb1a5afc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n 0x0febb1a5afd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n=>0x0febb1a5afe0: 00 00 00 00[f9]f9 f9 f9 f9 f9 f9 f9 00 00 00 00\r\n 0x0febb1a5aff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n 0x0febb1a5b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n 0x0febb1a5b010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n 0x0febb1a5b020: 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9\r\n 0x0febb1a5b030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\nShadow byte legend (one shadow byte represents 8 application bytes):\r\n Addressable: 00\r\n Partially addressable: 01 02 03 04 05 06 07 \r\n Heap left redzone: fa\r\n Freed heap region: fd\r\n Stack left redzone: f1\r\n Stack mid redzone: f2\r\n Stack right redzone: f3\r\n Stack after return: f5\r\n Stack use after scope: f8\r\n Global redzone: f9\r\n Global init order: f6\r\n Poisoned by user: f7\r\n Container overflow: fc\r\n Array cookie: ac\r\n Intra object redzone: bb\r\n ASan internal: fe\r\n Left alloca redzone: ca\r\n Right alloca redzone: cb\r\n==27479==ABORTING\r\nAffected version:\r\n3.99.5\r\n \r\nFixed version:\r\nN/A\r\n \r\nCommit fix:\r\nN/A\r\n \r\nCredit:\r\nThis bug was discovered by Agostino Sarubbo of Gentoo.\r\n \r\nCVE:\r\nN/A\r\n \r\nReproducer:\r\nhttps://github.com/asarubbo/poc/blob/master/00290-lame-globaloverflow-II_step_one\r\n \r\nTimeline:\r\n2017-06-01: bug discovered\r\n2017-06-17: blog post about the issue\r\n \r\nNote:\r\nThis bug was found with American Fuzzy Lop.\r\n \r\n \r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/42258.zip\n\n# 0day.today [2018-04-13] #", "sourceHref": "https://0day.today/exploit/28006", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}
