rpm package
suse/lame&distro=SUSE Package Hub 12 SP2
pkg:rpm/suse/lame&distro=SUSE%20Package%20Hub%2012%20SP2
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-15019 | Hig | 7.8 | < 3.100-6.1 | 3.100-6.1 | Oct 5, 2017 | LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call. | |
| CVE-2017-13712 | Hig | 7.5 | < 3.100-6.1 | 3.100-6.1 | Aug 28, 2017 | NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument. | |
| CVE-2017-11720 | Cri | 9.8 | < 3.100-6.1 | 3.100-6.1 | Jul 28, 2017 | There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file. | |
| CVE-2017-9412 | Med | 5.5 | < 3.100-6.1 | 3.100-6.1 | Jul 27, 2017 | The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file. | |
| CVE-2017-9872 | Hig | 7.8 | < 3.100-6.1 | 3.100-6.1 | Jun 25, 2017 | The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted | |
| CVE-2017-9871 | Hig | 7.8 | < 3.100-6.1 | 3.100-6.1 | Jun 25, 2017 | The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio fi | |
| CVE-2017-9870 | Med | 5.5 | < 3.100-6.1 | 3.100-6.1 | Jun 25, 2017 | The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type | |
| CVE-2017-9869 | Med | 5.5 | < 3.100-6.1 | 3.100-6.1 | Jun 25, 2017 | The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. | |
| CVE-2015-9101 | Med | 5.5 | < 3.100-6.1 | 3.100-6.1 | Jun 25, 2017 | The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.98.4, 3.98.2, 3.98, 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4 and 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. | |
| CVE-2015-9100 | Med | 5.5 | < 3.100-6.1 | 3.100-6.1 | Jun 25, 2017 | The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file. |
- affected < 3.100-6.1fixed 3.100-6.1
LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call.
- affected < 3.100-6.1fixed 3.100-6.1
NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument.
- affected < 3.100-6.1fixed 3.100-6.1
There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file.
- affected < 3.100-6.1fixed 3.100-6.1
The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file.
- affected < 3.100-6.1fixed 3.100-6.1
The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted
- affected < 3.100-6.1fixed 3.100-6.1
The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio fi
- affected < 3.100-6.1fixed 3.100-6.1
The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type
- affected < 3.100-6.1fixed 3.100-6.1
The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.
- affected < 3.100-6.1fixed 3.100-6.1
The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.98.4, 3.98.2, 3.98, 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4 and 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.
- affected < 3.100-6.1fixed 3.100-6.1
The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.