Candidate: CVE-2017-15019
PublicDate: 2017-10-05 01:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15019
Description:
 LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function
 within libmp3lame/mpglib_interface.c via a malformed mpg file, because of
 an incorrect calloc call.
Ubuntu-Description:
Notes:
Bugs:
 https://sourceforge.net/p/lame/bugs/477/
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_lame:
upstream_lame: released (3.100-1)
precise/esm_lame: DNE
trusty_lame: ignored (out of standard support)
trusty/esm_lame: needed
vivid/ubuntu-core_lame: DNE
xenial_lame: ignored (end of standard support, was needed)
zesty_lame: ignored (reached end-of-life)
artful_lame: ignored (reached end-of-life)
bionic_lame: not-affected (3.100-2)
cosmic_lame: not-affected (3.100-2)
disco_lame: not-affected (3.100-2)
eoan_lame: not-affected (3.100-2)
focal_lame: not-affected (3.100-2)
groovy_lame: not-affected (3.100-2)
hirsute_lame: not-affected (3.100-2)
impish_lame: not-affected (3.100-2)
jammy_lame: not-affected (3.100-2)
devel_lame: not-affected (3.100-2)