CVE-2017-9871 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2017-9871 Interim 1 24 2023-12-09T01:03:35Z current 2021-05-30T13:57:43Z 2023-12-09T01:03:35Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2017-9871 The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6JQYYKDCEI244XVDO6HZ4YNU7XFZRJG7/#6JQYYKDCEI244XVDO6HZ4YNU7XFZRJG7 E-Mail link for openSUSE-SU-2018:0543-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KH623JZ3J2KZAJL44XIFV3PAHON2NVKG/#KH623JZ3J2KZAJL44XIFV3PAHON2NVKG E-Mail link for openSUSE-SU-2018:0544-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Package Hub 12 SP2 lame lame-3.100-6.1 lame-doc-3.100-6.1 lame-mp3rtp-3.100-6.1 libmp3lame-devel libmp3lame-devel-3.100-6.1 libmp3lame0 libmp3lame0-3.100-6.1 lame-3.100-6.1 as a component of SUSE Package Hub 12 SP2 lame-doc-3.100-6.1 as a component of SUSE Package Hub 12 SP2 lame-mp3rtp-3.100-6.1 as a component of SUSE Package Hub 12 SP2 libmp3lame-devel-3.100-6.1 as a component of SUSE Package Hub 12 SP2 libmp3lame0-3.100-6.1 as a component of SUSE Package Hub 12 SP2 libmp3lame-devel as a component of SUSE Linux Enterprise Module for Desktop Applications 15 libmp3lame0 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 lame as a component of SUSE Linux Enterprise Module for Desktop Applications 15 The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. CVE-2017-9871 SUSE Package Hub 12 SP2:lame-3.100-6.1 SUSE Package Hub 12 SP2:lame-doc-3.100-6.1 SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1 SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1 SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1 SUSE Linux Enterprise Module for Desktop Applications 15:lame SUSE Linux Enterprise Module for Desktop Applications 15:libmp3lame-devel SUSE Linux Enterprise Module for Desktop Applications 15:libmp3lame0 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H