SUSE CVE-2017-15019

🗓️ 15 Feb 2023 04:38:54Reported by Suse CVEType

susecve

susecve🔗 www.suse.com👁 4 Views

CVE-2017-15019: LAME 3.99.5 has a NULL pointer dereference in hip_decode_init from a malformed mpg file caused by calloc.

Reporter	Title	Published	Views	Family All 39
CNVD	LAME Null Pointer Reference Denial of Service Vulnerability	9 Oct 201700:00	–	cnvd
CVE	CVE-2017-15019	4 Oct 201707:00	–	cve
Cvelist	CVE-2017-15019	4 Oct 201707:00	–	cvelist
Debian CVE	CVE-2017-15019	4 Oct 201707:00	–	debiancve
EUVD	EUVD-2017-6494	7 Oct 202500:30	–	euvd
Fedora	[SECURITY] Fedora 25 Update: lame-3.100-1.fc25	15 Nov 201722:30	–	fedora
Fedora	[SECURITY] Fedora 27 Update: lame-3.100-1.fc27	11 Nov 201713:48	–	fedora
Fedora	[SECURITY] Fedora 26 Update: lame-3.100-1.fc26	1 Nov 201700:13	–	fedora
Mageia	Updated lame packages fix security vulnerabilities	1 Dec 201723:13	–	mageia
NVD	CVE-2017-15019	5 Oct 201701:29	–	nvd

OS	OS Version	Architecture	Package	Package Version	Filename
SUSE Linux Enterprise Server	12.2	any	lame	3.100-6.1	lame-3.100-6.1.noarch.rpm
SUSE Linux Enterprise Server	12.2	any	lame-doc	3.100-6.1	lame-doc-3.100-6.1.noarch.rpm
SUSE Linux Enterprise Server	12.2	any	lame-mp3rtp	3.100-6.1	lame-mp3rtp-3.100-6.1.noarch.rpm
SUSE Linux Enterprise Server	12.2	any	libmp3lame-devel	3.100-6.1	libmp3lame-devel-3.100-6.1.noarch.rpm
SUSE Linux Enterprise Server	12.2	any	libmp3lame0	3.100-6.1	libmp3lame0-3.100-6.1.noarch.rpm

Source	Link
suse	www.suse.com/security/cve/CVE-2017-15019
suse	www.suse.com/support/security/rating/
bugzilla	www.bugzilla.suse.com/1082317
lists	www.lists.opensuse.org/archives/list/[email protected]/thread/6JQYYKDCEI244XVDO6HZ4YNU7XFZRJG7/
lists	www.lists.opensuse.org/archives/list/[email protected]/thread/KH623JZ3J2KZAJL44XIFV3PAHON2NVKG/

13 May 2026 15:57Current

9.4High risk

Vulners AI Score9.4

CVSS 37.8

EPSS0.00273

cve-2017-15019 lame 3.99.5 null pointer hip_decode_init libmp3lame mpglib interface malformed mpg file calloc bug