Re: LAME Security Bugs Published


Mp3 - Lame mailing list
Just FYI -- 
Roberto José de Amorim
MSc in Computer Science
Columbia University - New York

From: Nick <[hidden email]>
To: [hidden email]
Sent: Tuesday, August 1, 2017 17:19
Subject: LAME Security Bugs Published
Hi Roberto,

Sorry to bother you directly like this, especially as you're the webmaster but may not be an actual LAME developer - but you're the only project member who publishes an email address on the website.

On 26th.July.2017 a (Chinese?) security researcher has published on the Full Disclosure security mailing list details of 3 bugs he discovered in LAME that appear to be no worse than denial-of-service (crash):

The bugs all have CVEs and appear to involve improper handling of malformed .wav files.  The researcher gives no indication that he has contacted the LAME project about the problem.

I just wanted to make sure you folks know about this - please make sure the right people at your end are aware.

Never FDISK after midnight.
