lame_project CVE Vulnerabilities & Metrics

Focus on lame_project vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About lame_project Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with lame_project. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total lame_project CVEs: 15
Earliest CVE date: 02 May 2017, 14:59 UTC
Latest CVE date: 06 Oct 2017, 04:29 UTC

Latest CVE reference: CVE-2017-15046

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

CVSS Stats

Average CVSS: 5.23

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 0
4.0-6.9 14
7.0-8.9 1
9.0-10.0 0

Top 5 Highest CVSS lame_project CVEs

These are the five CVEs with the highest CVSS scores for lame_project, sorted by severity first, then by recency.

All CVEs for lame_project

CVE-2017-15046 lame_project vulnerability CVSS: 4.3 06 Oct 2017, 04:29 UTC

LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412.

CVE-2017-15045 lame_project vulnerability CVSS: 4.3 06 Oct 2017, 04:29 UTC

LAME 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4, 3.99.5, 3.98.4, 3.98.2 and 3.98 have a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, a different vulnerability than CVE-2017-9410.

CVE-2017-15019 lame_project vulnerability CVSS: 6.8 05 Oct 2017, 01:29 UTC

LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call.

CVE-2017-15018 lame_project vulnerability CVSS: 4.3 05 Oct 2017, 01:29 UTC

LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and 3.98 have a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c.

CVE-2017-13712 lame_project vulnerability CVSS: 5.0 28 Aug 2017, 19:29 UTC

NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument.

CVE-2017-11720 lame_project vulnerability CVSS: 7.5 28 Jul 2017, 14:29 UTC

There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file.

CVE-2017-9412 lame_project vulnerability CVSS: 4.3 27 Jul 2017, 06:29 UTC

The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file.

CVE-2017-9872 lame_project vulnerability CVSS: 6.8 25 Jun 2017, 19:29 UTC

The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.

CVE-2017-9871 lame_project vulnerability CVSS: 6.8 25 Jun 2017, 19:29 UTC

The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.

CVE-2017-9870 lame_project vulnerability CVSS: 4.3 25 Jun 2017, 19:29 UTC

The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type == 2" case, a similar issue to CVE-2017-11126.

CVE-2017-9869 lame_project vulnerability CVSS: 4.3 25 Jun 2017, 19:29 UTC

The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.

CVE-2015-9101 lame_project vulnerability CVSS: 4.3 25 Jun 2017, 19:29 UTC

The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.98.4, 3.98.2, 3.98, 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4 and 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.

CVE-2015-9100 lame_project vulnerability CVSS: 4.3 25 Jun 2017, 19:29 UTC

The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.

CVE-2015-9099 lame_project vulnerability CVSS: 4.3 25 Jun 2017, 19:29 UTC

The lame_init_params function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file with a negative sample rate.

CVE-2017-8419 lame_project vulnerability CVSS: 6.8 02 May 2017, 14:59 UTC

LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based buffer overflow) or possibly have unspecified other impact via a crafted file, as demonstrated by mishandling of num_channels.