The fill_buffer_resample function in libmp3lame/util.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file.
Following CVE is assigned for this issue: https://nvd.nist.gov/vuln/detail/CVE-2017-9411
Originally reported here http://seclists.org/fulldisclosure/2017/Jul/63 as the second issue.
PoC in http://seclists.org/fulldisclosure/2017/Jul/att-63/poc_zip.bin
I supect it is a duplicate of: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777161
Thanks, we get addressed in version 3.100.