Ubuntu 16.04 ESM : LAME vulnerabilities (USN-4780-1)

critical Nessus Plugin ID 183698

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4780-1 advisory.

- The lame_init_params function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file with a negative sample rate. (CVE-2015-9099)

- The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file. (CVE-2015-9100)

- The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.98.4, 3.98.2, 3.98, 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4 and 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. (CVE-2015-9101)

- NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument. (CVE-2017-13712)

- LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and 3.98 have a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c. (CVE-2017-15018)

- There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file. (CVE-2017-11720)

- LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based buffer overflow) or possibly have unspecified other impact via a crafted file, as demonstrated by mishandling of num_channels. (CVE-2017-8419)

- The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file. (CVE-2017-9412)

- LAME 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4, 3.99.5, 3.98.4, 3.98.2 and 3.98 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, a different vulnerability than CVE-2017-9410. (CVE-2017-15045)

- LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call. (CVE-2017-15019)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected lame, libmp3lame-dev and / or libmp3lame0 packages.

See Also

https://ubuntu.com/security/notices/USN-4780-1

Plugin Details

Severity: Critical

ID: 183698

File Name: ubuntu_USN-4780-1.nasl

Version: 1.0

Type: local

Agent: unix

Published: 10/23/2023

Updated: 10/23/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2017-11720

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:canonical:ubuntu_linux:16.04:-:esm, p-cpe:/a:canonical:ubuntu_linux:lame, p-cpe:/a:canonical:ubuntu_linux:libmp3lame-dev, p-cpe:/a:canonical:ubuntu_linux:libmp3lame0

Required KB Items: Host/cpu, Host/Debian/dpkg-l, Host/Ubuntu, Host/Ubuntu/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/29/2022

Vulnerability Publication Date: 5/2/2017

Reference Information

CVE: CVE-2015-9099, CVE-2015-9100, CVE-2015-9101, CVE-2017-11720, CVE-2017-13712, CVE-2017-15018, CVE-2017-15019, CVE-2017-15045, CVE-2017-8419, CVE-2017-9410, CVE-2017-9411, CVE-2017-9412

USN: 4780-1