LAME 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4, 3.99.5, 3.98.4, 3.98.2 and 3.98 has a heap-based buffer over-read in fillbuffer in libmp3lame/util.c, related to lameencodebuffersample_t in libmp3lame/lame.c, a different vulnerability than CVE-2017-9410.
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "low", "binaries": [ { "binary_name": "lame", "binary_version": "3.99.5+repack1-3ubuntu1+esm2" }, { "binary_name": "lame-dbgsym", "binary_version": "3.99.5+repack1-3ubuntu1+esm2" }, { "binary_name": "lame-doc", "binary_version": "3.99.5+repack1-3ubuntu1+esm2" }, { "binary_name": "libmp3lame-dev", "binary_version": "3.99.5+repack1-3ubuntu1+esm2" }, { "binary_name": "libmp3lame0", "binary_version": "3.99.5+repack1-3ubuntu1+esm2" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "binary_name": "lame", "binary_version": "3.99.5+repack1-9build1" }, { "binary_name": "lame-dbg", "binary_version": "3.99.5+repack1-9build1" }, { "binary_name": "lame-dbgsym", "binary_version": "3.99.5+repack1-9build1" }, { "binary_name": "lame-doc", "binary_version": "3.99.5+repack1-9build1" }, { "binary_name": "libmp3lame-dev", "binary_version": "3.99.5+repack1-9build1" }, { "binary_name": "libmp3lame-dev-dbgsym", "binary_version": "3.99.5+repack1-9build1" }, { "binary_name": "libmp3lame0", "binary_version": "3.99.5+repack1-9build1" }, { "binary_name": "libmp3lame0-dbgsym", "binary_version": "3.99.5+repack1-9build1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "binary_name": "lame", "binary_version": "3.100-2" }, { "binary_name": "lame-dbgsym", "binary_version": "3.100-2" }, { "binary_name": "lame-doc", "binary_version": "3.100-2" }, { "binary_name": "libmp3lame-dev", "binary_version": "3.100-2" }, { "binary_name": "libmp3lame0", "binary_version": "3.100-2" }, { "binary_name": "libmp3lame0-dbgsym", "binary_version": "3.100-2" } ] }