LAME (LAME Ain't an MP3 Encoder)
by Lame Project
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11720 | | Cri | 0.64 | 9.8 | 0.02 | | Jul 28, 2017 | There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file. |
| CVE-2017-13712 | | Hig | 0.49 | 7.5 | 0.02 | | Aug 28, 2017 | NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument. |
| CVE-2017-15045 | | Med | 0.36 | 5.5 | 0.01 | | Oct 6, 2017 | LAME 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4, 3.99.5, 3.98.4, 3.98.2 and 3.98 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, a different vulnerability than CVE-2017-9410. |
| CVE-2017-15018 | | Med | 0.36 | 5.5 | 0.01 | | Oct 5, 2017 | LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and 3.98 have a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c. |