4 matches found
CVE-2017-8372
CVE-2017-8372 affects Underbit MAD libmad 0.15.1b: the mad_layer_III function in layer3.c can trigger an assertion failure and application exit (DoS) when NDEBUG is omitted and a crafted audio file is processed. Connected advisories note multiple vendor patches (e.g., Debian DLA-1380-1; SUSE/SUSE...
CVE-2017-8373
CVE-2017-8373 affects Underbit MAD libmad 0.15.1b; the mad_layer_III function in layer3.c can be exploited by a crafted audio file to trigger a heap-based buffer overflow and crash the application (remote exploit possibility). Several advisories (SUSE, Debian, FreeBSD, Fedora) note this issue and...
CVE-2017-11552
CVE-2017-11552 affects mpg321 0.3.2-1 when used with libmad 0.15.1b. The mad_decoder_run function in decoder.c can memory-corrupt, allowing a remote attacker to cause a denial of service via a crafted MP3 file. This is corroborated by linked advisories noting the fix in mad packages (e.g., Mageia...
CVE-2017-8374
CVE-2017-8374 affects libmad (Underbit MAD) via the mad_bit_skip function in bit.c, where a crafted audio file can cause a heap-based buffer over-read and application crash. Connected advisories show the issue being fixed in libmad updates across distributions: openSUSE openSUSE-2018-205 notes a ...