CVSSv3 5.5

CVE-2017-9869

Published: 25/06/2017 Updated: 03/10/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 435
CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P (network, medium complexity, no authentication, partial availability impact only)

Vulnerability Summary

The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote malicious users to cause a denial of service (buffer over-read and application crash) via a crafted audio file.
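The record above names only the effect (an out-of-bounds read while decoding a crafted file, ending in a crash). The C example below is added here to illustrate that bug class in a hypothetical layer-2-style decode step: a table index taken straight from the bitstream and used without a range check, beside the hardened form that rejects it. This is not mpglib's layer2.c or any LAME code; the toy format, the table, the constructed frames and the function names (decode_step_vulnerable, decode_step_hardened, hardened_result, vulnerable_result) are assumptions, and the code does not reproduce the actual fault in II_step_one.

```c
/*
 * Illustration of the "buffer over-read via a crafted audio file" bug class.
 * Hypothetical toy format; NOT mpglib's layer2.c and not the real II_step_one bug.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Minimal MSB-first bit reader over an in-memory frame. */
typedef struct {
    const uint8_t *buf;
    size_t len;     /* frame length in bytes */
    size_t bitpos;  /* next bit to read */
} bitreader_t;

/* Read n bits; fail (return -1) instead of reading past the end of the frame. */
static int get_bits(bitreader_t *br, unsigned n, unsigned *out)
{
    unsigned v = 0;
    for (unsigned i = 0; i < n; i++) {
        size_t byte = br->bitpos >> 3;
        if (byte >= br->len)
            return -1;                                  /* truncated frame */
        v = (v << 1) | ((br->buf[byte] >> (7 - (br->bitpos & 7))) & 1u);
        br->bitpos++;
    }
    *out = v;
    return 0;
}

/* Toy allocation table: entry i gives the width in bits of the sample field. */
#define NALLOC 3
static const unsigned sample_bits_table[NALLOC] = { 4, 8, 12 };

/*
 * Vulnerable form. The 2-bit allocation field can hold 0..3, but the table has
 * only 3 entries, so a frame with the field set to 3 reads past the table and
 * then drives get_bits with whatever happened to follow it in memory.
 */
static int decode_step_vulnerable(const uint8_t *frame, size_t len, unsigned *sample_out)
{
    bitreader_t br = { frame, len, 0 };
    unsigned idx, sample;
    if (get_bits(&br, 2, &idx))
        return -1;
    unsigned nbits = sample_bits_table[idx];            /* no bounds check */
    if (get_bits(&br, nbits, &sample))
        return -1;
    *sample_out = sample;
    return 0;
}

/* Hardened form: refuse any allocation value the format does not define. */
static int decode_step_hardened(const uint8_t *frame, size_t len, unsigned *sample_out)
{
    bitreader_t br = { frame, len, 0 };
    unsigned idx, sample;
    if (get_bits(&br, 2, &idx))
        return -1;
    if (idx >= NALLOC)
        return -2;                                      /* corrupt or crafted frame */
    if (get_bits(&br, sample_bits_table[idx], &sample))
        return -1;
    *sample_out = sample;
    return 0;
}

/* Return the decoded sample, or the negative error code. */
static long hardened_result(const uint8_t *frame, size_t len)
{
    unsigned s;
    int rc = decode_step_hardened(frame, len, &s);
    return rc ? rc : (long)s;
}

static long vulnerable_result(const uint8_t *frame, size_t len)
{
    unsigned s;
    int rc = decode_step_vulnerable(frame, len, &s);
    return rc ? rc : (long)s;
}

/* Constructed frames (not taken from any real file). */
static const uint8_t frame_ok[]        = { 0x5A, 0x80 };  /* alloc=1 -> 8-bit sample 0x6A (106) */
static const uint8_t frame_truncated[] = { 0x40 };        /* alloc=1 but only 6 bits follow */
static const uint8_t frame_crafted[]   = { 0xC0, 0x00 };  /* alloc=3: index past the table */

int main(void)
{
    printf("ok frame:        %ld\n", hardened_result(frame_ok, sizeof frame_ok));
    printf("truncated frame: %ld\n", hardened_result(frame_truncated, sizeof frame_truncated));
    printf("crafted frame:   %ld\n", hardened_result(frame_crafted, sizeof frame_crafted));
    printf("vulnerable, ok:  %ld\n", vulnerable_result(frame_ok, sizeof frame_ok));
    /* decode_step_vulnerable(frame_crafted, ...) is deliberately never called: it over-reads. */
    return 0;
}
```

Both decoders agree on well-formed input; they differ only on the crafted frame, which the hardened step rejects with -2 before touching the table, while the vulnerable step indexes one element past its end. Fuzzers find this class of fault quickly because the out-of-bounds index comes from the first few bits of the file.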

Vulnerable Product

lame project lame 3.99.5

Vendor Advisories

Debian Bug report logs - #867725 CVE-2017-9869 CVE-2017-9870 CVE-2017-9871 CVE-2017-9872 Package: src:lame; Maintainer for src:lame is Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Sat, 8 Jul 2017 22:27:01 UTC Severity: grav ...
The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME before 3.100 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file ...

Exploits

Description: lame is a high quality MPEG Audio Layer III (MP3) encoder licensed under the LGPL. A few notes before the details of this bug. Some time ago a fuzz was done by Brian Carpenter and Jakub Wilk, who posted the results on the Debian bugtracker. In cases like this, when upstream is not active and people do not post on the upstream bugzilla, is ea ...