Division by zero in lame - CVE-2017-11720

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file.

How to mitigate CVE-2017-11720

Sources

• https://blogs.gentoo.org/ago/2017/06/17/lame-divide-by-zero-in-parse_wave_header-get_audio-c/
• https://bugs.debian.org/777159
• https://sourceforge.net/p/lame/bugs/460/