Lame_project Lame
15 CVEs affecting Lame_project Lame. Latest disclosed: 2017-10-06. Critical: 1, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-11720 | Critical | 9.8 | 2017-07-28 | There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file. |
CVE-2017-15019 | High | 7.8 | 2017-10-05 | LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorre… |
CVE-2017-9872 | High | 7.8 | 2017-06-25 | The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a deni… |
CVE-2017-9871 | High | 7.8 | 2017-06-25 | The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of ser… |
CVE-2017-8419 | High | 7.8 | 2017-05-02 | LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stac… |
CVE-2017-13712 | High | 7.5 | 2017-08-28 | NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggerin… |
CVE-2017-15046 | Medium | 5.5 | 2017-10-06 | LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability… |
CVE-2017-15045 | Medium | 5.5 | 2017-10-06 | LAME 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4, 3.99.5, 3.98.4, 3.98.2 and 3.98 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to la… |
CVE-2017-15018 | Medium | 5.5 | 2017-10-05 | LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and 3.98 have a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrqu… |
CVE-2017-9412 | Medium | 5.5 | 2017-07-27 | The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and applicati… |
CVE-2017-9870 | Medium | 5.5 | 2017-06-25 | The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of ser… |
CVE-2017-9869 | Medium | 5.5 | 2017-06-25 | The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of serv… |
CVE-2015-9101 | Medium | 5.5 | 2017-06-25 | The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.98.4, 3.98.2, 3.98, 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4 and 3.99.5 allows remote attacke… |
CVE-2015-9100 | Medium | 5.5 | 2017-06-25 | The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (NULL pointer dereference and a… |
CVE-2015-9099 | Medium | 5.5 | 2017-06-25 | The lame_init_params function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid read and application crash… |