ID CVE-2017-15019
Summary LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call.
References
Vulnerable Configurations
  • LAME Project LAME 3.99.5
    cpe:2.3:a:lame_project:lame:3.99.5
CVSS
Base: 6.8
Impact:
Exploitability:
CWE CWE-476
CAPEC
nessus via4
NASL family SuSE Local Security Checks
NASL id OPENSUSE-2018-214.NASL
description This update for lame fixes the following issues : Lame was updated to version 3.100 : - Improved detection of MPEG audio data in RIFF WAVE files. sf#3545112 Invalid sampling detection - New switch --gain , range -20.0 to +12.0, a more convenient way to apply Gain adjustment in decibels, than the use of --scale . - Fix for sf#3558466 Bug in path handling - Fix for sf#3567844 problem with Tag genre - Fix for sf#3565659 no progress indication with pipe input - Fix for sf#3544957 scale (empty) silent encode without warning - Fix for sf#3580176 environment variable LAMEOPT doesn't work anymore - Fix for sf#3608583 input file name displayed with wrong character encoding (on windows console with CP_UTF8) - Fix dereference NULL and Buffer not NULL terminated issues. (CVE-2017-15019 bsc#1082317 CVE-2017-13712 bsc#1082399 CVE-2015-9100 bsc#1082401) - Fix dereference of a NULL pointer possible in loop. - Make sure functions with SSE instructions maintain their own properly aligned stack. Thanks to Fabian Greffrath - Multiple Stack and Heap Corruptions from Malicious File. (CVE-2017-9872 bsc#1082391 CVE-2017-9871 bsc#1082392 CVE-2017-9870 bsc#1082393 CVE-2017-9869 bsc#1082395 CVE-2017-9411 bsc#1082397 CVE-2015-9101 bsc#1082400) - CVE-2017-11720: Fix a division by zero vulnerability. (bsc#1082311) - CVE-2017-9410: Fix fill_buffer_resample function in libmp3lame/util.c heap-based buffer over-read and ap (bsc#1082333) - CVE-2017-9411: Fix fill_buffer_resample function in libmp3lame/util.c invalid memory read and application crash (bsc#1082397) - CVE-2017-9412: FIx unpack_read_samples function in frontend/get_audio.c invalid memory read and application crash (bsc#1082340) - Fix clip detect scale suggestion unaware of scale input value - HIP decoder bug fixed: decoding mixed blocks of lower sample frequency Layer3 data resulted in internal buffer overflow. - Add lame_encode_buffer_interleaved_int()
last seen 2019-02-21
modified 2018-02-28
plugin id 107048
published 2018-02-28
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=107048
title openSUSE Security Update : lame (openSUSE-2018-214)
refmap via4
misc https://sourceforge.net/p/lame/bugs/477/
Last major update 04-10-2017 - 21:29
Published 04-10-2017 - 21:29
Last modified 12-10-2017 - 10:19
Back to Top