1434 matches found
LAME III_dequantize_sample function stack buffer overflow vulnerability
LAME is an open source MP3 audio compression software. A stack buffer overflow vulnerability exists in the III_dequantize_sample function (libmpgdecoder.a, mpglib/layer3.c) in LAME, which remote attackers can exploit by submitting a specially crafted file and inducing the user to parse it,...
CVE-2015-9099
The lame_init_params function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file with a negative sample rate...
UBUNTU-CVE-2017-9872
The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file...
ALPINE-CVE-2015-9099
The lame_init_params function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file with a negative sample rate...
UBUNTU-CVE-2015-9099
The lame_init_params function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file with a negative sample rate...
PT-2017-7546 · Lame +2
Name of the Vulnerable Software and Affected Versions: LAME version 3.99.5 Description: The issue allows remote attackers to cause a denial of service, resulting in an invalid read and application crash, by exploiting a crafted audio file with a negative sample rate. This is due to a problem in t...
Remote Symbol Resolution
Introduction The following blog discusses a couple of common techniques that malware uses to obscure its access to the Windows API. In both forms examined, analysts must calculate the API start address and resolve the symbol from the runtime process in order to determine functionality. After...
Ektron CMS 9.10SP1 Cross Site Scripting
Vulnerability type: Cross Site Scripting Vendor: Ektron Product: Ektron Content Management System Affected version: 9.10SP1Build 9.1.0.184 Patched version: 9.1.0.184SP39.1.0.184.3.127 Credit: Siyavash Ghasseminia, Edmund Goh CVE ID: CVE-2016-6133 PROOF OF CONCEPT Vulnerable URL:...
In-depth understanding of the Java deserialization vulnerability - vulnerability warning - the black bar safety net
1. Java serialization and deserialization. Java serialization is the process of converting a Java object into a byte sequence so that it can easily be saved in memory, a file, or a database; the writeObject method of the ObjectOutputStream class implements serialization. Java deserialization refers to the sequenc...
PT-2017-3783 · Lame +2
Name of the Vulnerable Software and Affected Versions: LAME version 3.99.5 Description: The issue is related to a stack-based buffer overflow in the III_dequantize_sample function, which can be triggered by a crafted audio file. This can cause a denial of service, leading to an application crash...
Threat Outbreak Alert RuleID29327: Email Messages Distributing Malicious Software on May 29, 2017
Medium Alert ID: 53994 First Published: 2017 May 30 18:46 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID29327 may contain the following files: Name | Size...
Threat Outbreak Alert RuleID29169: Email Messages Distributing Malicious Software on May 17, 2017
Medium Alert ID: 53869 First Published: 2017 May 17 17:19 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID29169 may contain the following files: Name | Size...
Threat Outbreak Alert RuleID29073: Email Messages Distributing Malicious Software on May 9, 2017
Medium Alert ID: 53779 First Published: 2017 May 9 19:51 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID29073 may contain the following files: Name | Size ...
Threat Outbreak Alert RuleID28879: Email Messages Distributing Malicious Software on April 25, 2017
Medium Alert ID: 53557 First Published: 2017 April 25 12:59 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID28879 may contain the following files: Name | Si...
Microsoft Office Word Malicious Hta Execution Exploit
This Metasploit module creates a malicious RTF file that, when opened in vulnerable versions of Microsoft Word, will lead to code execution. The flaw exists in how an olelink object can make an https request and execute hta code in response. This bug was originally seen being exploited in the wild...