CVE-2017-8419

Name of the Vulnerable Software and Affected Versions LAME versions prior to 3.100

Description The issue allows remote attackers to cause a denial of service, potentially leading to a stack-based buffer overflow or heap-based buffer overflow, by providing a crafted WAV or AIFF file. This is due to the reliance on the signed integer data type for values in the file header, which can be mishandled, for example, when processing the num channels value.

Recommendations For versions prior to 3.100, update to version 3.100 or later to resolve the issue. As a temporary workaround, consider restricting the processing of WAV and AIFF files from untrusted sources to minimize the risk of exploitation.