Vulnerabilities > Lame Project > High

DATE | CVE | VULNERABILITY TITLE | RISK

2017-10-05 | CVE-2017-15019 | NULL Pointer Dereference vulnerability in Lame Project Lame 3.99.5 | 7.8
LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call.
local, low complexity, lame-project, CWE-476

2017-08-28 | CVE-2017-13712 | NULL Pointer Dereference vulnerability in Lame Project Lame 3.99.5 | 7.5
NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument.
network, low complexity, lame-project, CWE-476

2017-06-25 | CVE-2017-9872 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lame Project Lame 3.99.5 | 7.8
The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.
local, low complexity, lame-project, CWE-119

2017-06-25 | CVE-2017-9871 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lame Project Lame 3.99.5 | 7.8
The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.
local, low complexity, lame-project, CWE-119

2017-05-02 | CVE-2017-8419 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lame Project Lame | 7.8
LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based buffer overflow) or possibly have unspecified other impact via a crafted file, as demonstrated by mishandling of num_channels.
local, low complexity, lame-project, CWE-119