CVE-2017-15018 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2017-15018 Interim 1 9 2022-10-15T16:04:00Z current 2021-05-30T14:02:43Z 2022-10-15T16:04:00Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2017-15018 LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and 3.98 have a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Desktop Applications 15 lame libmp3lame-devel libmp3lame0 libmp3lame-devel as a component of SUSE Linux Enterprise Module for Desktop Applications 15 libmp3lame0 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 lame as a component of SUSE Linux Enterprise Module for Desktop Applications 15 LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and 3.98 have a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c. CVE-2017-15018 SUSE Linux Enterprise Module for Desktop Applications 15:lame SUSE Linux Enterprise Module for Desktop Applications 15:libmp3lame-devel SUSE Linux Enterprise Module for Desktop Applications 15:libmp3lame0 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H