Errata ID | 457 |
---|---|
Date | 2018-08-15 |
Source package | lame |
Fixed in version | 3.99.5+repack1-7+deb8u2 |
Description | This update addresses the following issues:<br>* allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. (CVE-2017-9869)<br>* allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type == 2" case. (CVE-2017-9870)<br>* allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. (CVE-2017-9871)<br>* allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. (CVE-2017-9872)<br>* heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c. (CVE-2017-15018)<br>* heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c. (CVE-2017-15045)<br>* stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c. (CVE-2017-15046) |
Additional notes | |
CVE ID | CVE-2017-9869, CVE-2017-9870, CVE-2017-9871, CVE-2017-9872, CVE-2017-15018, CVE-2017-15045, CVE-2017-15046 |
UCS Bug number | #47555 |