CVSSv3: 7.8

CVE-2017-9872

Published: 25/06/2017 Updated: 12/08/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 685
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote malicious users to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.

Vulnerable Product

lame project lame 3.99.5

Vendor Advisories

Debian Bug report logs - #867725 CVE-2017-9869 CVE-2017-9870 CVE-2017-9871 CVE-2017-9872 Package: src:lame; Maintainer for src:lame is Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Sat, 8 Jul 2017 22:27:01 UTC Severity: grav ...
The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME before 3.100 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly execute arbitrary code via a crafted audio file ...

Exploits

Description: lame is a high quality MPEG Audio Layer III (MP3) encoder licensed under the LGPL. A few notes before the details of this bug. Some time ago a fuzz was done by Brian Carpenter and Jakub Wilk, who posted the results on the debian bugtracker. In cases like this, when upstream is not active and people do not post on the upstream bugzilla, is ea ...