CVE-2017-9872

2017-06-25T00:00:00
ID UB:CVE-2017-9872
Type ubuntucve
Reporter ubuntu.com
Modified 2017-06-25T00:00:00

Description

The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.

Notes

Author| Note
---|---
ratliff | reproducer doesn't crash on zesty (no ASAN) no patch available 2017-06-26