Search CVE reports


Toggle filters

1 – 10 of 16 results


CVE-2017-15046

Low priority
Ignored

LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412.

1 affected package

lame

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lame Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2017-15045

Low priority

Some fixes available 1 of 2

LAME 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4, 3.99.5, 3.98.4, 3.98.2 and 3.98 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, a...

1 affected package

lame

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lame Not affected Not affected Not affected Not affected
Show less packages

CVE-2017-15019

Low priority

Some fixes available 2 of 4

LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call.

1 affected package

lame

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lame Not affected Not affected Not affected Fixed
Show less packages

CVE-2017-15018

Medium priority

Some fixes available 1 of 2

LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and 3.98 have a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c.

1 affected package

lame

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lame Not affected Not affected Not affected Not affected
Show less packages

CVE-2017-13712

Low priority

Some fixes available 2 of 4

NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument.

1 affected package

lame

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lame Not affected Not affected Not affected Fixed
Show less packages

CVE-2017-11720

Medium priority

Some fixes available 1 of 2

There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file.

1 affected package

lame

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lame Not affected Not affected Not affected Not affected
Show less packages

CVE-2017-9412

Medium priority

Some fixes available 1 of 2

The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file.

1 affected package

lame

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lame Not affected Not affected Not affected Not affected
Show less packages

CVE-2017-9872

Low priority
Ignored

The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or...

1 affected package

lame

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lame Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2017-9871

Low priority
Ignored

The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly...

1 affected package

lame

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lame Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2017-9870

Low priority
Ignored

The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file...

1 affected package

lame

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lame Not affected Not affected Not affected Not affected Not affected
Show less packages