The unpackreadsamples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file.
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "3.99.5+repack1-3ubuntu1+esm2", "binary_name": "lame" }, { "binary_version": "3.99.5+repack1-3ubuntu1+esm2", "binary_name": "lame-dbgsym" }, { "binary_version": "3.99.5+repack1-3ubuntu1+esm2", "binary_name": "lame-doc" }, { "binary_version": "3.99.5+repack1-3ubuntu1+esm2", "binary_name": "libmp3lame-dev" }, { "binary_version": "3.99.5+repack1-3ubuntu1+esm2", "binary_name": "libmp3lame0" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "3.99.5+repack1-9build1", "binary_name": "lame" }, { "binary_version": "3.99.5+repack1-9build1", "binary_name": "lame-dbg" }, { "binary_version": "3.99.5+repack1-9build1", "binary_name": "lame-dbgsym" }, { "binary_version": "3.99.5+repack1-9build1", "binary_name": "lame-doc" }, { "binary_version": "3.99.5+repack1-9build1", "binary_name": "libmp3lame-dev" }, { "binary_version": "3.99.5+repack1-9build1", "binary_name": "libmp3lame-dev-dbgsym" }, { "binary_version": "3.99.5+repack1-9build1", "binary_name": "libmp3lame0" }, { "binary_version": "3.99.5+repack1-9build1", "binary_name": "libmp3lame0-dbgsym" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "3.100-2", "binary_name": "lame" }, { "binary_version": "3.100-2", "binary_name": "lame-dbgsym" }, { "binary_version": "3.100-2", "binary_name": "lame-doc" }, { "binary_version": "3.100-2", "binary_name": "libmp3lame-dev" }, { "binary_version": "3.100-2", "binary_name": "libmp3lame0" }, { "binary_version": "3.100-2", "binary_name": "libmp3lame0-dbgsym" } ] }