Summary: | <media-sound/lame-3.100: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Christopher Díaz Riveros (RETIRED) <chrisadr> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | sound |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://sourceforge.net/p/lame/bugs/460/ | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Christopher Díaz Riveros (RETIRED)
2017-07-29 00:01:50 UTC
I'm pretty sure that is a duplicate of: https://blogs.gentoo.org/ago/2017/06/17/lame-divide-by-zero-in-parse_wave_header-get_audio-c/ CVE ID: CVE-2017-15018 Summary: LAME 3.99.5 has a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c. CVE ID: CVE-2017-15019 Summary: LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call. CVE ID: CVE-2017-8419 Summary: LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based buffer overflow) or possibly have unspecified other impact via a crafted file, as demonstrated by mishandling of num_channels. CVE ID: CVE-2017-11720 Summary: There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file. Package is a B and the DoS rates a 3. No PoC for ACE/RCE due to "unspecified impacts" wording in CVE. GLSA Vote: No. Cleanup will be handled in bug #634598 |