Lame Project: >> Lame >> 3.97 Security Vulnerabilities
LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-10-06
LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based buffer overflow) or possibly have unspecified other impact via a crafted file, as demonstrated by mishandling of num_channels.
CVSS Score
7.8
EPSS Score
0.01
Published
2017-05-02