Re: LAME Security Bugs Published

Mp3 - Lame mailing list
Just FYI -- 
Roberto José de Amorim
MSc in Computer Science
Columbia University - New York



From: Nick <[hidden email]>
To: [hidden email]
Sent: Tuesday, 1 August 2017 17:19
Subject: LAME Security Bugs Published
   
Hi Roberto,

Sorry to bother you directly like this, especially as you're the webmaster but may not be an actual LAME developer - but you're the only project member who publishes an email address on the website.

On 26th.July.2017 a (Chinese?) security researcher published on the Full Disclosure security mailing list details of 3 bugs he discovered in LAME that appear to be no worse than denial-of-service (crash):
http://seclists.org/fulldisclosure/2017/Jul/63

The bugs all have CVEs and appear to involve improper handling of malformed .wav files.  The researcher gives no indication that he has contacted the LAME project about the problem.

I just wanted to make sure you folks know about this - please make sure the right people at your end are aware.

Cheers
Nick
--
Never FDISK after midnight.



   
_______________________________________________
Lame-dev mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/lame-dev