Vulnerability Details CVE-2017-15019
LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.6%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
Products affected by CVE-2017-15019
-
cpe:2.3:a:lame_project:lame:3.99.5