[3.5] lame: Multiple vulnerabilities (CVE-2015-9099, CVE-2015-9100, CVE-2017-9410, CVE-2017-9411, CVE-2017-9412, CVE-2017-11720)
CVE-2015-9099: The lame_init_params function in lame.c in
libmp3lame.a in LAME 3.99.5 allows
remote attackers to cause a denial of service (invalid read and
application crash) via a crafted audio file with a negative sample rate.
References:
https://nvd.nist.gov/vuln/detail/CVE-2015-9099
CVE-2015-9100: The fill_buffer_resample function in util.c in
libmp3lame.a in LAME 3.99.5 allows remote attackers
to cause a denial of service (NULL pointer dereference and application
crash) via a crafted audio file.
References:
https://nvd.nist.gov/vuln/detail/CVE-2015-9100
CVE-2017-9410: The fill_buffer_resample function in
libmp3lame/util.c in LAME 3.99.5 allows remote attackers
to cause a denial of service (heap-based buffer over-read and
application crash) via a crafted wav file.
References:
http://seclists.org/fulldisclosure/2017/Jul/63
CVE-2017-9411: The fill_buffer_resample function in
libmp3lame/util.c in LAME 3.99.5 allows remote attackers to cause a
denial of
service (invalid memory read and application crash) via a crafted wav
file.
References:
http://seclists.org/fulldisclosure/2017/Jul/63
CVE-2017-9412: The unpack_read_samples function in
frontend/get_audio.c in LAME 3.99.5 allows remote attackers
to cause a denial of service (invalid memory read and application crash)
via a crafted wav file.
References:
http://seclists.org/fulldisclosure/2017/Jul/63
CVE-2017-11720: There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-11720
(from redmine: issue id 7628, created on 2017-08-04, closed on 2017-08-07)
- Relations:
- parent #7625 (closed)