LAME (Lame Aint an MP3 Encoder) / Bugs / #461 CVE-2017-9410 fill_buffer_resample function in libmp3lame/util.c heap-based buffer over-read and application crash

#461 CVE-2017-9410 fill_buffer_resample function in libmp3lame/util.c heap-based buffer over-read and application crash

Milestone: Compatibility

Status: closed

Owner: Robert Hegemann

Labels: security (12)

Priority: 9

Updated: 2017-08-13

Created: 2017-07-29

Creator: Henri Salo

Private: No

The fill_buffer_resample function in libmp3lame/util.c in LAME 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file.

Following CVE is assigned for this issue: https://nvd.nist.gov/vuln/detail/CVE-2017-9410

Originally reported here http://seclists.org/fulldisclosure/2017/Jul/63 as the first issue.

PoC in http://seclists.org/fulldisclosure/2017/Jul/att-63/poc_zip.bin

Discussion

Agostino Sarubbo - 2017-07-31

I suspect it is a duplicate of: https://blogs.gentoo.org/ago/2017/06/17/lame-heap-based-buffer-overflow-in-fill_buffer_resample-util-c/

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Robert Hegemann - 2017-08-13

status: open --> closed

assigned_to: Robert Hegemann
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Robert Hegemann - 2017-08-13

Thanks, we get addressed in version 3.100.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

CVE-2017-9410 fill_buffer_resample function in libmp3lame/util.c heap-based...

A high quality MP3 encoder

Group

Searches

Help

#461 CVE-2017-9410 fill_buffer_resample function in libmp3lame/util.c heap-based buffer over-read and application crash

Discussion