FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libmad -- multiple vulnerabilities

Affected packages
libmad < 0.15.1b_7

Details

VuXML ID b48e7b14-052a-11ea-a1de-53b029d2b061
Discovery 2017-04-30
Entry 2019-11-13

National Vulnerability Database:

CVE-2017-8372: The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted audio file.

[source]

CVE-2017-8373: The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.

[source]

CVE-2017-8374: The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.

[source]

References

CVE Name CVE-2017-8372
CVE Name CVE-2017-8373
CVE Name CVE-2017-8374
URL https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/
URL https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_bit_skip-bit-c/
URL https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_layer_iii-layer3-c/
URL https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508133#15
URL https://nvd.nist.gov/vuln/detail/CVE-2017-8372
URL https://nvd.nist.gov/vuln/detail/CVE-2017-8373
URL https://nvd.nist.gov/vuln/detail/CVE-2017-8374

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.