LAME (Lame Aint an MP3 Encoder) / Bugs / #462 CVE-2017-9411 fill_buffer_resample function in libmp3lame/util.c invalid memory read and application crash

#462 CVE-2017-9411 fill_buffer_resample function in libmp3lame/util.c invalid memory read and application crash

Milestone: Compatibility

Status: closed

Owner: Robert Hegemann

Labels: None

Priority: 5

Updated: 2017-08-13

Created: 2017-07-29

Creator: Henri Salo

Private: No

The fill_buffer_resample function in libmp3lame/util.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file.

Following CVE is assigned for this issue: https://nvd.nist.gov/vuln/detail/CVE-2017-9411

Originally reported here http://seclists.org/fulldisclosure/2017/Jul/63 as the second issue.

PoC in http://seclists.org/fulldisclosure/2017/Jul/att-63/poc_zip.bin

Discussion

Agostino Sarubbo - 2017-07-31

I supect it is a duplicate of: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777161

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Robert Hegemann - 2017-08-13

status: open --> closed

assigned_to: Robert Hegemann
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Robert Hegemann - 2017-08-13

Thanks, we get addressed in version 3.100.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

CVE-2017-9411 fill_buffer_resample function in libmp3lame/util.c invalid...

A high quality MP3 encoder

Group

Searches

Help

#462 CVE-2017-9411 fill_buffer_resample function in libmp3lame/util.c invalid memory read and application crash

Discussion