1
Candidate: CVE-2017-9869
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9869
5
https://blogs.gentoo.org/ago/2017/06/17/lame-global-buffer-overflow-in-ii_step_one-layer2-c/
7
The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a
8
in LAME 3.99.5 and other products, allows remote attackers to cause a
9
denial of service (buffer over-read and application crash) via a crafted
13
ratliff> reproducer doesn't crash on t-z (no ASAN)
20
upstream_lame: released (3.99.5+repack1-8)
23
vivid/ubuntu-core_lame: DNE
24
xenial_lame: not-affected (3.99.5+repack1-9build1)
25
yakkety_lame: ignored (reached end-of-life)
26
zesty_lame: ignored (reached end-of-life)
27
artful_lame: not-affected (3.99.5+repack1-9build1)
28
bionic_lame: not-affected (3.100-2)
29
devel_lame: not-affected (3.100-2)