Описание
LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based buffer overflow) or possibly have unspecified other impact via a crafted file, as demonstrated by mishandling of num_channels.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 3.99.5+repack1-9build1 |
| bionic | not-affected | 3.100-2 |
| cosmic | not-affected | 3.100-2 |
| devel | not-affected | 3.100-2 |
| disco | not-affected | 3.100-2 |
| eoan | not-affected | 3.100-2 |
| esm-apps/xenial | not-affected | 3.99.5+repack1-9build1 |
| esm-infra-legacy/trusty | released | 3.99.5+repack1-3ubuntu1+esm2 |
| esm-infra/bionic | not-affected | 3.100-2 |
| esm-infra/focal | not-affected | 3.100-2 |
Показывать по
EPSS
6.8 Medium
CVSS2
7.8 High
CVSS3
Связанные уязвимости
LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based buffer overflow) or possibly have unspecified other impact via a crafted file, as demonstrated by mishandling of num_channels.
LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based buffer overflow) or possibly have unspecified other impact via a crafted file, as demonstrated by mishandling of num_channels.
LAME through 3.99.5 relies on the signed integer data type for values ...
LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based buffer overflow) or possibly have unspecified other impact via a crafted file, as demonstrated by mishandling of num_channels.
EPSS
6.8 Medium
CVSS2
7.8 High
CVSS3