VYPR

rpm package

suse/lame&distro=SUSE Package Hub 12 SP2

pkg:rpm/suse/lame&distro=SUSE%20Package%20Hub%2012%20SP2

Vulnerabilities (10)

  • CVE-2017-15019HigOct 5, 2017
    affected < 3.100-6.1fixed 3.100-6.1

    LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call.

  • CVE-2017-13712HigAug 28, 2017
    affected < 3.100-6.1fixed 3.100-6.1

    NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument.

  • CVE-2017-11720CriJul 28, 2017
    affected < 3.100-6.1fixed 3.100-6.1

    There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file.

  • CVE-2017-9412MedJul 27, 2017
    affected < 3.100-6.1fixed 3.100-6.1

    The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file.

  • CVE-2017-9872HigJun 25, 2017
    affected < 3.100-6.1fixed 3.100-6.1

    The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted

  • CVE-2017-9871HigJun 25, 2017
    affected < 3.100-6.1fixed 3.100-6.1

    The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio fi

  • CVE-2017-9870MedJun 25, 2017
    affected < 3.100-6.1fixed 3.100-6.1

    The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type

  • CVE-2017-9869MedJun 25, 2017
    affected < 3.100-6.1fixed 3.100-6.1

    The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.

  • CVE-2015-9101MedJun 25, 2017
    affected < 3.100-6.1fixed 3.100-6.1

    The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.98.4, 3.98.2, 3.98, 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4 and 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.

  • CVE-2015-9100MedJun 25, 2017
    affected < 3.100-6.1fixed 3.100-6.1

    The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.