CVE-2017-9872

The IIIdequantizesample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service stack-based buffer overflow and application crash or possibly have unspecified other impact via a crafted audio file...

CVE-2017-9869

The IIstepone function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted audio file...

CVE-2017-9871

The CVE-2017-9871 issue affects the mpglib decoder (III_i_stereo in layer3.c) used by LAME 3.99.5 and related products. The vulnerability is a stack-based buffer overflow in the MP3 decoding path that can be triggered by a crafted audio file, potentially causing an application crash or denial of ...

CVE-2017-9872

CVE-2017-9872 affects mpglib’s III_dequantize_sample in Layer3.c (used by LAME 3.99.5 and related products). Exploitation via a crafted audio file can cause a stack-based buffer overflow and application crash (denial of service). OpenSUSE security update openSUSE-2018-214 notes a fix in LAME 3.10...

CVE-2017-9869

CVE-2017-9869 affects the LAME mpglib/libmpgdecoder layer2.c II_step_one function, where a crafted audio file can trigger a buffer over-read and crash the application (denial of service). Public advisories in openSUSE list CVE-2017-9869 among fixes when upgrading lame to version 3.100, indicating...

CVE-2017-9869

The IIstepone function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted audio file...