CVE-2015-9099

Name of the Vulnerable Software and Affected Versions LAME version 3.99.5

Description The issue allows remote attackers to cause a denial of service, resulting in an invalid read and application crash, by exploiting a crafted audio file with a negative sample rate. This is due to a problem in the lame init params function in lame.c in libmp3lame.a.

Recommendations For LAME version 3.99.5, consider avoiding the use of crafted audio files with negative sample rates until a patch is available. As a temporary workaround, restrict the processing of audio files to prevent crashes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.