SB2017062507 - Multiple vulnerabilities in lame.sourceforge.net lame
Published: June 25, 2017 Updated: August 8, 2020
Description
This security bulletin contains information about 9 security vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2017-15045)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c. This is a different vulnerability than CVE-2017-9410. A remote attacker can perform a denial of service attack.
2) Stack-based buffer overflow (CVE-ID: CVE-2017-15046)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in unpack_read_samples in frontend/get_audio.c. This is a different vulnerability than CVE-2017-9412. A remote unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
3) Out-of-bounds read (CVE-ID: CVE-2017-15018)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c. A remote attacker can perform a denial of service attack.
4) NULL pointer dereference (CVE-ID: CVE-2017-15019)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a malformed mpg file, because of an incorrect calloc call.
5) NULL pointer dereference (CVE-ID: CVE-2017-13712)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5, which can be triggered through a NULL first argument. A remote attacker can perform a denial of service (DoS) attack.
6) Out-of-bounds read (CVE-ID: CVE-2017-9869)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products. A remote attacker can perform a denial of service (buffer over-read and application crash) via a crafted audio file.
7) Out-of-bounds read (CVE-ID: CVE-2017-9870)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products. A remote attacker can perform a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type == 2" case, a similar issue to CVE-2017-11126.
8) Stack-based buffer overflow (CVE-ID: CVE-2017-9871)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a, when processing a crafted audio file. A remote unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
9) Stack-based buffer overflow (CVE-ID: CVE-2017-9872)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a, when processing a crafted audio file. A remote unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://sourceforge.net/p/lame/bugs/478/
- https://sourceforge.net/p/lame/bugs/479/
- https://sourceforge.net/p/lame/bugs/480/
- https://sourceforge.net/p/lame/bugs/477/
- http://www.securityfocus.com/bid/100525
- https://sourceforge.net/p/lame/bugs/472/
- http://www.securityfocus.com/bid/99272
- https://blogs.gentoo.org/ago/2017/06/17/lame-global-buffer-overflow-in-ii_step_one-layer2-c/
- https://www.exploit-db.com/exploits/42258/
- http://www.securityfocus.com/bid/99287
- https://blogs.gentoo.org/ago/2017/06/17/lame-global-buffer-overflow-in-iii_i_stereo-layer3-c/
- http://www.securityfocus.com/bid/99289
- https://blogs.gentoo.org/ago/2017/06/17/lame-stack-based-buffer-overflow-in-iii_i_stereo-layer3-c/
- http://www.securityfocus.com/bid/99270
- https://blogs.gentoo.org/ago/2017/06/17/lame-stack-based-buffer-overflow-in-iii_dequantize_sample-layer3-c/
- https://www.exploit-db.com/exploits/42259/