Medium severity5.5NVD Advisory· Published Oct 5, 2017· Updated May 13, 2026

CVE-2017-15018

Description

LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and 3.98 have a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c.

Affected products

Lame Project/Lame9 versions
cpe:2.3:a:lame_project:lame:3.98:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:lame_project:lame:3.98:*:*:*:*:*:*:*
- cpe:2.3:a:lame_project:lame:3.98.2:*:*:*:*:*:*:*
- cpe:2.3:a:lame_project:lame:3.98.4:*:*:*:*:*:*:*
- cpe:2.3:a:lame_project:lame:3.99:*:*:*:*:*:*:*
- cpe:2.3:a:lame_project:lame:3.99.1:*:*:*:*:*:*:*
- cpe:2.3:a:lame_project:lame:3.99.2:*:*:*:*:*:*:*
- cpe:2.3:a:lame_project:lame:3.99.3:*:*:*:*:*:*:*
- cpe:2.3:a:lame_project:lame:3.99.4:*:*:*:*:*:*:*
- cpe:2.3:a:lame_project:lame:3.99.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sourceforge.net/p/lame/bugs/480/nvdExploitThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000