15 matches found
EUVD-2017-6520
Malware in sbrugna...
SUSE CVE-2015-9100
The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file...
SUSE CVE-2017-15019
LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call...
LAME Heap Buffer Overflow Vulnerability
LAME is a set of open source MP3 audio compression software developed by the LAME team. A buffer overflow vulnerability exists in the 'fill_buffer' function of the libmp3lame/util.c file in LAME version 3.99.5. An attacker can exploit this vulnerability to cause a denial of service heap buffer...
Heap overflow
LAME 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4, 3.99.5, 3.98.4, 3.98.2 and 3.98 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, a different vulnerability than CVE-2017-9410...
CVE-2017-15045
LAME 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4, 3.99.5, 3.98.4, 3.98.2 and 3.98 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, a different vulnerability than CVE-2017-9410...
CVE-2017-15045
CVE-2017-15045 affects LAME 3.99/3.99.5 and earlier 3.98.x, with a heap-based buffer over-read in fill_buffer (libmp3lame/util.c) related to lame_encode_buffer_sample_t in libmp3lame/lame.c. The issue is a different vulnerability from CVE-2017-9410. Public notes indicate a heap-based read/overflo...
CVE-2017-15045
LAME 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4, 3.99.5, 3.98.4, 3.98.2 and 3.98 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, a different vulnerability than CVE-2017-9410...
CVE-2017-15019
CVE-2017-15019 affects LAME 3.99.5, where a NULL pointer dereference occurs in hip_decode_init in libmp3lame/mpglib_interface.c during processing of a malformed MPG file due to an incorrect calloc. Reported across multiple advisories and distributions, the issue is mitigated by upgrading to later...
DEBIAN-CVE-2017-13712
NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument...
UBUNTU-CVE-2017-13712
NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument...
CVE-2017-13712
CVE-2017-13712 is a NULL pointer dereference vulnerability in LAME 3.99.5 (libmp3lame/id3tag.c, id3v2AddAudioDuration) that can cause a Denial of Service. Connected advisories indicate the issue is addressed in later LAME updates (e.g., LAME 3.100) across multiple distributions (openSUSE, Ubuntu ...
LAME fill_buffer_resample function denial of service vulnerability
LAME is an open source MP3 audio compression software. A security vulnerability in the fill_buffer_resample function (util.c, libmp3lame.a) in LAME allows remote attackers to crash the application by submitting a specially crafted file and inducing the user to parse it...
UBUNTU-CVE-2015-9101
The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.98.4, 3.98.2, 3.98, 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4 and 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file...
CVE-2015-9101
The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.98.4, 3.98.2, 3.98, 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4 and 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file...