ID CVE-2015-9099
Summary The lame_init_params function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file with a negative sample rate.
References
Vulnerable Configurations
  • LAME Project LAME 3.99.5
    cpe:2.3:a:lame_project:lame:3.99.5
CVSS
Base: 4.3
Impact:
Exploitability:
CWE CWE-125
CAPEC
  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-2E2DC86BC6.NASL
    description Update to 3.100 (#1470202, #1505107) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-01
    plugin id 105843
    published 2018-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105843
    title Fedora 27 : lame (2017-2e2dc86bc6)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-9C29AF2C64.NASL
    description Update to 3.100 (#1470202, #1505107) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 104313
    published 2017-11-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104313
    title Fedora 26 : lame (2017-9c29af2c64)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-38830F1443.NASL
    description Update to 3.100 (#1470202, #1505107) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-01
    plugin id 104596
    published 2017-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104596
    title Fedora 25 : lame (2017-38830f1443)
refmap via4
bid 99279
misc https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775959
Last major update 25-06-2017 - 15:29
Published 25-06-2017 - 15:29
Last modified 28-06-2017 - 09:51