
Search CVE reports



1 – 10 of 16 results


CVE-2017-15046

Low priority
Vulnerable

LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412.

1 affected package

lame

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lame Not affected Not affected Not affected Not affected Not affected

CVE-2017-15045

Low priority

Some fixes available 1 of 2

LAME 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4, 3.99.5, 3.98.4, 3.98.2 and 3.98 have a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, a...

1 affected package

lame

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lame Not affected Not affected Not affected Not affected

CVE-2017-15019

Low priority

Some fixes available 2 of 4

LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call.

1 affected package

lame

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lame Not affected Not affected Not affected Fixed

CVE-2017-15018

Medium priority

Some fixes available 1 of 2

LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and 3.98 have a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c.

1 affected package

lame

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lame Not affected Not affected Not affected Not affected

CVE-2017-13712

Low priority

Some fixes available 2 of 4

NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument.

1 affected package

lame

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lame Not affected Not affected Not affected Fixed

CVE-2017-11720

Medium priority

Some fixes available 1 of 2

There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file.

1 affected package

lame

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lame Not affected Not affected Not affected Not affected

CVE-2017-9412

Medium priority

Some fixes available 1 of 2

The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file.

1 affected package

lame

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lame Not affected Not affected Not affected Not affected

CVE-2017-9872

Low priority
Vulnerable

The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or...

1 affected package

lame

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lame Not affected Not affected Not affected Not affected Not affected

CVE-2017-9871

Low priority
Vulnerable

The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly...

1 affected package

lame

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lame Not affected Not affected Not affected Not affected Not affected

CVE-2017-9870

Low priority
Vulnerable

The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file...

1 affected package

lame

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lame Not affected Not affected Not affected Not affected Not affected