Vulnerability Details : CVE-2017-15045
Potential exploit
LAME 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4, 3.99.5, 3.98.4, 3.98.2 and 3.98 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, a different vulnerability than CVE-2017-9410.
Products affected by CVE-2017-15045
- cpe:2.3:a:lame_project:lame:3.99.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-15045
0.06%: Probability of exploitation activity in the next 30 days
~ 28 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-15045
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 | NIST | |
CWE ids for CVE-2017-15045
- The product reads data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-15045
- https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2017-15045
  Pocs_for_Multi_Versions/CVE-2017-15045 at main · Hack-Me/Pocs_for_Multi_Versions · GitHub
- https://sourceforge.net/p/lame/bugs/478/
  LAME (Lame Aint an MP3 Encoder) / Bugs / #478 Heap-Buffer Overflow on supplying malformed input mp3. Exploit; Third Party Advisory