Lame Project: >> Lame >> 3.01 Security Vulnerabilities
LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based buffer overflow) or possibly have unspecified other impact via a crafted file, as demonstrated by mishandling of num_channels.
CVSS Score
7.8
EPSS Score
0.01
Published
2017-05-02