CVE-2015-9099

CVE-2015-9099 affects LAME 3.99.5 (libmp3lame.a) with the vulnerable lame_init_params in lame.c. A crafted audio file with a negative sample rate can cause an invalid read and application crash, enabling a denial of service. Connected advisories indicate vendor-specific patches: Fedora/Fedora-lin...

CVE-2017-9872

CVE-2017-9872 affects mpglib’s III_dequantize_sample in Layer3.c (used by LAME 3.99.5 and related products). Exploitation via a crafted audio file can cause a stack-based buffer overflow and application crash (denial of service). OpenSUSE security update openSUSE-2018-214 notes a fix in LAME 3.10...

CVE-2017-9869

The IIstepone function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted audio file...

CVE-2017-9870

The IIIistereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted audio file that is mishandled in the code for the "blocktype == 2" case, a similar...

CVE-2017-9871

The IIIistereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service stack-based buffer overflow and application crash or possibly have unspecified other impact via a crafted audio file...

CVE-2017-9872

The IIIdequantizesample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service stack-based buffer overflow and application crash or possibly have unspecified other impact via a crafted audio file...

CVE-2015-9099

The lameinitparams function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service invalid read and application crash via a crafted audio file with a negative sample rate...

CVE-2015-9100

The fillbufferresample function in util.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted audio file...

CVE-2015-9099

The lameinitparams function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service invalid read and application crash via a crafted audio file with a negative sample rate...

CVE-2015-9100

The fillbufferresample function in util.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted audio file...

CVE-2015-9101

The fillbufferresample function in util.c in libmp3lame.a in LAME 3.98.4, 3.98.2, 3.98, 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4 and 3.99.5 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted audio file...

CVE-2017-9869

The IIstepone function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted audio file...

CVE-2017-9871

The IIIistereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service stack-based buffer overflow and application crash or possibly have unspecified other impact via a crafted audio file...

CVE-2017-9872

The IIIdequantizesample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service stack-based buffer overflow and application crash or possibly have unspecified other impact via a crafted audio file...

CVE-2015-9099

The lameinitparams function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service invalid read and application crash via a crafted audio file with a negative sample rate...

CVE-2015-9100

The fillbufferresample function in util.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted audio file...

PT-2017-7546 · Lame +2 · Lame +2

Name of the Vulnerable Software and Affected Versions: LAME version 3.99.5 Description: The issue allows remote attackers to cause a denial of service, resulting in an invalid read and application crash, by exploiting a crafted audio file with a negative sample rate. This is due to a problem in t...

MGASA-2017-0168 Updated libsndfile packages fix security vulnerabilities

A stack-based buffer overflow via a specially crafted FLAC file due to an error in the headerread function CVE-2017-7586. Several stack-based buffer overflows via a specially crafted FLAC file due to an error in the flacbuffercopy function CVE-2017-7585, CVE-2017-7741, CVE-2017-7742. Global buffe...

UBUNTU-CVE-2017-6892

In libsndfile version 1.0.28, an error in the "aiffreadchanmap" function aiff.c can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file...

PT-2017-3783 · Lame +2 · Lame +2

Name of the Vulnerable Software and Affected Versions: LAME version 3.99.5 Description: The issue is related to a stack-based buffer overflow in the III dequantize sample function, which can be triggered by a crafted audio file. This can cause a denial of service, leading to an application crash...