{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for lame","title":"Title of the patch"},{"category":"description","text":"This update for lame fixes the following issues:\n\nLame was updated to version 3.100:\n\n  * Improved detection of MPEG audio data in RIFF WAVE files.\n     sf#3545112 Invalid sampling detection\n  * New switch --gain <decibel>, range -20.0 to +12.0, a more\n    convenient way to apply Gain adjustment in decibels, \n    than the use of --scale <factor>.\n  * Fix for sf#3558466 Bug in path handling\n  * Fix for sf#3567844 problem with Tag genre\n  * Fix for sf#3565659 no progress indication with pipe input\n  * Fix for sf#3544957 scale (empty) silent encode without warning\n  * Fix for sf#3580176 environment variable LAMEOPT doesn't\n    work anymore\n  * Fix for sf#3608583 input file name displayed with wrong\n    character encoding (on windows console with CP_UTF8)\n  * Fix dereference NULL and Buffer not NULL terminated issues.\n    (CVE-2017-15019 bsc#1082317 CVE-2017-13712 bsc#1082399 CVE-2015-9100 bsc#1082401)\n  * Fix dereference of a null pointer possible in loop.\n  * Make sure functions with SSE instructions maintain their own\n    properly aligned stack. Thanks to Fabian Greffrath\n  * Multiple Stack and Heap Corruptions from Malicious File.\n    (CVE-2017-9872 bsc#1082391 CVE-2017-9871 bsc#1082392 CVE-2017-9870 bsc#1082393\n     CVE-2017-9869 bsc#1082395 CVE-2017-9411 bsc#1082397 CVE-2015-9101 bsc#1082400)\n  * CVE-2017-11720: Fix a division by zero vulnerability. (bsc#1082311)\n  * CVE-2017-9410: Fix fill_buffer_resample function in\n    libmp3lame/util.c heap-based buffer over-read and ap (bsc#1082333)\n  * CVE-2017-9411: Fix fill_buffer_resample function in\n    libmp3lame/util.c invalid memory read and application crash (bsc#1082397)\n  * CVE-2017-9412: FIx unpack_read_samples function in \n    frontend/get_audio.c invalid memory read and application crash (bsc#1082340)\n  * Fix clip detect scale suggestion unaware of scale input value\n  * HIP decoder bug fixed: decoding mixed blocks of lower sample\n    frequency Layer3 data resulted in internal buffer overflow.\n  * Add lame_encode_buffer_interleaved_int()\n\n","title":"Description of the patch"},{"category":"details","text":"openSUSE-2018-214","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2018_0543-1.json"},{"category":"self","summary":"URL for openSUSE-SU-2018:0543-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6JQYYKDCEI244XVDO6HZ4YNU7XFZRJG7/#6JQYYKDCEI244XVDO6HZ4YNU7XFZRJG7"},{"category":"self","summary":"E-Mail link for openSUSE-SU-2018:0543-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6JQYYKDCEI244XVDO6HZ4YNU7XFZRJG7/#6JQYYKDCEI244XVDO6HZ4YNU7XFZRJG7"},{"category":"self","summary":"SUSE Bug 1082311","url":"https://bugzilla.suse.com/1082311"},{"category":"self","summary":"SUSE Bug 1082317","url":"https://bugzilla.suse.com/1082317"},{"category":"self","summary":"SUSE Bug 1082333","url":"https://bugzilla.suse.com/1082333"},{"category":"self","summary":"SUSE Bug 1082340","url":"https://bugzilla.suse.com/1082340"},{"category":"self","summary":"SUSE Bug 1082391","url":"https://bugzilla.suse.com/1082391"},{"category":"self","summary":"SUSE Bug 1082392","url":"https://bugzilla.suse.com/1082392"},{"category":"self","summary":"SUSE Bug 1082393","url":"https://bugzilla.suse.com/1082393"},{"category":"self","summary":"SUSE Bug 1082395","url":"https://bugzilla.suse.com/1082395"},{"category":"self","summary":"SUSE Bug 1082397","url":"https://bugzilla.suse.com/1082397"},{"category":"self","summary":"SUSE Bug 1082399","url":"https://bugzilla.suse.com/1082399"},{"category":"self","summary":"SUSE Bug 1082400","url":"https://bugzilla.suse.com/1082400"},{"category":"self","summary":"SUSE Bug 1082401","url":"https://bugzilla.suse.com/1082401"},{"category":"self","summary":"SUSE CVE CVE-2015-9100 page","url":"https://www.suse.com/security/cve/CVE-2015-9100/"},{"category":"self","summary":"SUSE CVE CVE-2015-9101 page","url":"https://www.suse.com/security/cve/CVE-2015-9101/"},{"category":"self","summary":"SUSE CVE CVE-2017-11720 page","url":"https://www.suse.com/security/cve/CVE-2017-11720/"},{"category":"self","summary":"SUSE CVE CVE-2017-13712 page","url":"https://www.suse.com/security/cve/CVE-2017-13712/"},{"category":"self","summary":"SUSE CVE CVE-2017-15019 page","url":"https://www.suse.com/security/cve/CVE-2017-15019/"},{"category":"self","summary":"SUSE CVE CVE-2017-9410 page","url":"https://www.suse.com/security/cve/CVE-2017-9410/"},{"category":"self","summary":"SUSE CVE CVE-2017-9411 page","url":"https://www.suse.com/security/cve/CVE-2017-9411/"},{"category":"self","summary":"SUSE CVE CVE-2017-9412 page","url":"https://www.suse.com/security/cve/CVE-2017-9412/"},{"category":"self","summary":"SUSE CVE CVE-2017-9869 page","url":"https://www.suse.com/security/cve/CVE-2017-9869/"},{"category":"self","summary":"SUSE CVE CVE-2017-9870 page","url":"https://www.suse.com/security/cve/CVE-2017-9870/"},{"category":"self","summary":"SUSE CVE CVE-2017-9871 page","url":"https://www.suse.com/security/cve/CVE-2017-9871/"},{"category":"self","summary":"SUSE CVE CVE-2017-9872 page","url":"https://www.suse.com/security/cve/CVE-2017-9872/"}],"title":"Security update for lame","tracking":{"current_release_date":"2018-02-26T07:35:52Z","generator":{"date":"2018-02-26T07:35:52Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"openSUSE-SU-2018:0543-1","initial_release_date":"2018-02-26T07:35:52Z","revision_history":[{"date":"2018-02-26T07:35:52Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"lame-3.100-6.1.aarch64","product":{"name":"lame-3.100-6.1.aarch64","product_id":"lame-3.100-6.1.aarch64"}},{"category":"product_version","name":"lame-doc-3.100-6.1.aarch64","product":{"name":"lame-doc-3.100-6.1.aarch64","product_id":"lame-doc-3.100-6.1.aarch64"}},{"category":"product_version","name":"lame-mp3rtp-3.100-6.1.aarch64","product":{"name":"lame-mp3rtp-3.100-6.1.aarch64","product_id":"lame-mp3rtp-3.100-6.1.aarch64"}},{"category":"product_version","name":"libmp3lame-devel-3.100-6.1.aarch64","product":{"name":"libmp3lame-devel-3.100-6.1.aarch64","product_id":"libmp3lame-devel-3.100-6.1.aarch64"}},{"category":"product_version","name":"libmp3lame0-3.100-6.1.aarch64","product":{"name":"libmp3lame0-3.100-6.1.aarch64","product_id":"libmp3lame0-3.100-6.1.aarch64"}}],"category":"architecture","name":"aarch64"},{"branches":[{"category":"product_version","name":"lame-3.100-6.1.ppc64le","product":{"name":"lame-3.100-6.1.ppc64le","product_id":"lame-3.100-6.1.ppc64le"}},{"category":"product_version","name":"lame-doc-3.100-6.1.ppc64le","product":{"name":"lame-doc-3.100-6.1.ppc64le","product_id":"lame-doc-3.100-6.1.ppc64le"}},{"category":"product_version","name":"lame-mp3rtp-3.100-6.1.ppc64le","product":{"name":"lame-mp3rtp-3.100-6.1.ppc64le","product_id":"lame-mp3rtp-3.100-6.1.ppc64le"}},{"category":"product_version","name":"libmp3lame-devel-3.100-6.1.ppc64le","product":{"name":"libmp3lame-devel-3.100-6.1.ppc64le","product_id":"libmp3lame-devel-3.100-6.1.ppc64le"}},{"category":"product_version","name":"libmp3lame0-3.100-6.1.ppc64le","product":{"name":"libmp3lame0-3.100-6.1.ppc64le","product_id":"libmp3lame0-3.100-6.1.ppc64le"}}],"category":"architecture","name":"ppc64le"},{"branches":[{"category":"product_version","name":"lame-3.100-6.1.s390x","product":{"name":"lame-3.100-6.1.s390x","product_id":"lame-3.100-6.1.s390x"}},{"category":"product_version","name":"lame-doc-3.100-6.1.s390x","product":{"name":"lame-doc-3.100-6.1.s390x","product_id":"lame-doc-3.100-6.1.s390x"}},{"category":"product_version","name":"lame-mp3rtp-3.100-6.1.s390x","product":{"name":"lame-mp3rtp-3.100-6.1.s390x","product_id":"lame-mp3rtp-3.100-6.1.s390x"}},{"category":"product_version","name":"libmp3lame-devel-3.100-6.1.s390x","product":{"name":"libmp3lame-devel-3.100-6.1.s390x","product_id":"libmp3lame-devel-3.100-6.1.s390x"}},{"category":"product_version","name":"libmp3lame0-3.100-6.1.s390x","product":{"name":"libmp3lame0-3.100-6.1.s390x","product_id":"libmp3lame0-3.100-6.1.s390x"}}],"category":"architecture","name":"s390x"},{"branches":[{"category":"product_version","name":"lame-3.100-6.1.x86_64","product":{"name":"lame-3.100-6.1.x86_64","product_id":"lame-3.100-6.1.x86_64"}},{"category":"product_version","name":"lame-doc-3.100-6.1.x86_64","product":{"name":"lame-doc-3.100-6.1.x86_64","product_id":"lame-doc-3.100-6.1.x86_64"}},{"category":"product_version","name":"lame-mp3rtp-3.100-6.1.x86_64","product":{"name":"lame-mp3rtp-3.100-6.1.x86_64","product_id":"lame-mp3rtp-3.100-6.1.x86_64"}},{"category":"product_version","name":"libmp3lame-devel-3.100-6.1.x86_64","product":{"name":"libmp3lame-devel-3.100-6.1.x86_64","product_id":"libmp3lame-devel-3.100-6.1.x86_64"}},{"category":"product_version","name":"libmp3lame0-3.100-6.1.x86_64","product":{"name":"libmp3lame0-3.100-6.1.x86_64","product_id":"libmp3lame0-3.100-6.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Package Hub 12 SP2","product":{"name":"SUSE Package Hub 12 SP2","product_id":"SUSE Package Hub 12 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:packagehub:12:sp2"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"lame-3.100-6.1.aarch64 as component of SUSE Package Hub 12 SP2","product_id":"SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64"},"product_reference":"lame-3.100-6.1.aarch64","relates_to_product_reference":"SUSE Package Hub 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"lame-3.100-6.1.ppc64le as component of SUSE Package Hub 12 SP2","product_id":"SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le"},"product_reference":"lame-3.100-6.1.ppc64le","relates_to_product_reference":"SUSE Package Hub 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"lame-3.100-6.1.s390x as component of SUSE Package Hub 12 SP2","product_id":"SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x"},"product_reference":"lame-3.100-6.1.s390x","relates_to_product_reference":"SUSE Package Hub 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"lame-3.100-6.1.x86_64 as component of SUSE Package Hub 12 SP2","product_id":"SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64"},"product_reference":"lame-3.100-6.1.x86_64","relates_to_product_reference":"SUSE Package Hub 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"lame-doc-3.100-6.1.aarch64 as component of SUSE Package Hub 12 SP2","product_id":"SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64"},"product_reference":"lame-doc-3.100-6.1.aarch64","relates_to_product_reference":"SUSE Package Hub 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"lame-doc-3.100-6.1.ppc64le as component of SUSE Package Hub 12 SP2","product_id":"SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le"},"product_reference":"lame-doc-3.100-6.1.ppc64le","relates_to_product_reference":"SUSE Package Hub 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"lame-doc-3.100-6.1.s390x as component of SUSE Package Hub 12 SP2","product_id":"SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x"},"product_reference":"lame-doc-3.100-6.1.s390x","relates_to_product_reference":"SUSE Package Hub 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"lame-doc-3.100-6.1.x86_64 as component of SUSE Package Hub 12 SP2","product_id":"SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64"},"product_reference":"lame-doc-3.100-6.1.x86_64","relates_to_product_reference":"SUSE Package Hub 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"lame-mp3rtp-3.100-6.1.aarch64 as component of SUSE Package Hub 12 SP2","product_id":"SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64"},"product_reference":"lame-mp3rtp-3.100-6.1.aarch64","relates_to_product_reference":"SUSE Package Hub 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"lame-mp3rtp-3.100-6.1.ppc64le as component of SUSE Package Hub 12 SP2","product_id":"SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le"},"product_reference":"lame-mp3rtp-3.100-6.1.ppc64le","relates_to_product_reference":"SUSE Package Hub 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"lame-mp3rtp-3.100-6.1.s390x as component of SUSE Package Hub 12 SP2","product_id":"SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x"},"product_reference":"lame-mp3rtp-3.100-6.1.s390x","relates_to_product_reference":"SUSE Package Hub 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"lame-mp3rtp-3.100-6.1.x86_64 as component of SUSE Package Hub 12 SP2","product_id":"SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64"},"product_reference":"lame-mp3rtp-3.100-6.1.x86_64","relates_to_product_reference":"SUSE Package Hub 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"libmp3lame-devel-3.100-6.1.aarch64 as component of SUSE Package Hub 12 SP2","product_id":"SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64"},"product_reference":"libmp3lame-devel-3.100-6.1.aarch64","relates_to_product_reference":"SUSE Package Hub 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"libmp3lame-devel-3.100-6.1.ppc64le as component of SUSE Package Hub 12 SP2","product_id":"SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le"},"product_reference":"libmp3lame-devel-3.100-6.1.ppc64le","relates_to_product_reference":"SUSE Package Hub 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"libmp3lame-devel-3.100-6.1.s390x as component of SUSE Package Hub 12 SP2","product_id":"SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x"},"product_reference":"libmp3lame-devel-3.100-6.1.s390x","relates_to_product_reference":"SUSE Package Hub 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"libmp3lame-devel-3.100-6.1.x86_64 as component of SUSE Package Hub 12 SP2","product_id":"SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64"},"product_reference":"libmp3lame-devel-3.100-6.1.x86_64","relates_to_product_reference":"SUSE Package Hub 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"libmp3lame0-3.100-6.1.aarch64 as component of SUSE Package Hub 12 SP2","product_id":"SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64"},"product_reference":"libmp3lame0-3.100-6.1.aarch64","relates_to_product_reference":"SUSE Package Hub 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"libmp3lame0-3.100-6.1.ppc64le as component of SUSE Package Hub 12 SP2","product_id":"SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le"},"product_reference":"libmp3lame0-3.100-6.1.ppc64le","relates_to_product_reference":"SUSE Package Hub 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"libmp3lame0-3.100-6.1.s390x as component of SUSE Package Hub 12 SP2","product_id":"SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x"},"product_reference":"libmp3lame0-3.100-6.1.s390x","relates_to_product_reference":"SUSE Package Hub 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"libmp3lame0-3.100-6.1.x86_64 as component of SUSE Package Hub 12 SP2","product_id":"SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"},"product_reference":"libmp3lame0-3.100-6.1.x86_64","relates_to_product_reference":"SUSE Package Hub 12 SP2"}]},"vulnerabilities":[{"cve":"CVE-2015-9100","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-9100"}],"notes":[{"category":"general","text":"The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-9100","url":"https://www.suse.com/security/cve/CVE-2015-9100"},{"category":"external","summary":"SUSE Bug 1082401 for CVE-2015-9100","url":"https://bugzilla.suse.com/1082401"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-02-26T07:35:52Z","details":"moderate"}],"title":"CVE-2015-9100"},{"cve":"CVE-2015-9101","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-9101"}],"notes":[{"category":"general","text":"The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.98.4, 3.98.2, 3.98, 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4 and 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-9101","url":"https://www.suse.com/security/cve/CVE-2015-9101"},{"category":"external","summary":"SUSE Bug 1082400 for CVE-2015-9101","url":"https://bugzilla.suse.com/1082400"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.1"},"products":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-02-26T07:35:52Z","details":"moderate"}],"title":"CVE-2015-9101"},{"cve":"CVE-2017-11720","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2017-11720"}],"notes":[{"category":"general","text":"There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2017-11720","url":"https://www.suse.com/security/cve/CVE-2017-11720"},{"category":"external","summary":"SUSE Bug 1082311 for CVE-2017-11720","url":"https://bugzilla.suse.com/1082311"},{"category":"external","summary":"SUSE Bug 1082397 for CVE-2017-11720","url":"https://bugzilla.suse.com/1082397"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":9.8,"baseSeverity":"CRITICAL","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.0"},"products":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-02-26T07:35:52Z","details":"critical"}],"title":"CVE-2017-11720"},{"cve":"CVE-2017-13712","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2017-13712"}],"notes":[{"category":"general","text":"NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2017-13712","url":"https://www.suse.com/security/cve/CVE-2017-13712"},{"category":"external","summary":"SUSE Bug 1082399 for CVE-2017-13712","url":"https://bugzilla.suse.com/1082399"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.5,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-02-26T07:35:52Z","details":"important"}],"title":"CVE-2017-13712"},{"cve":"CVE-2017-15019","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2017-15019"}],"notes":[{"category":"general","text":"LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2017-15019","url":"https://www.suse.com/security/cve/CVE-2017-15019"},{"category":"external","summary":"SUSE Bug 1082317 for CVE-2017-15019","url":"https://bugzilla.suse.com/1082317"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.0"},"products":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-02-26T07:35:52Z","details":"important"}],"title":"CVE-2017-15019"},{"cve":"CVE-2017-9410","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2017-9410"}],"notes":[{"category":"general","text":"DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-9101. Reason: This candidate is a duplicate of CVE-2015-9101. Notes: All CVE users should reference CVE-2015-9101 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2017-9410","url":"https://www.suse.com/security/cve/CVE-2017-9410"},{"category":"external","summary":"SUSE Bug 1061970 for CVE-2017-9410","url":"https://bugzilla.suse.com/1061970"},{"category":"external","summary":"SUSE Bug 1082333 for CVE-2017-9410","url":"https://bugzilla.suse.com/1082333"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-02-26T07:35:52Z","details":"moderate"}],"title":"CVE-2017-9410"},{"cve":"CVE-2017-9411","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2017-9411"}],"notes":[{"category":"general","text":"DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-9100. Reason: This candidate is a duplicate of CVE-2015-9100. Notes: All CVE users should reference CVE-2015-9100 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2017-9411","url":"https://www.suse.com/security/cve/CVE-2017-9411"},{"category":"external","summary":"SUSE Bug 1082397 for CVE-2017-9411","url":"https://bugzilla.suse.com/1082397"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-02-26T07:35:52Z","details":"moderate"}],"title":"CVE-2017-9411"},{"cve":"CVE-2017-9412","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2017-9412"}],"notes":[{"category":"general","text":"The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2017-9412","url":"https://www.suse.com/security/cve/CVE-2017-9412"},{"category":"external","summary":"SUSE Bug 1061973 for CVE-2017-9412","url":"https://bugzilla.suse.com/1061973"},{"category":"external","summary":"SUSE Bug 1082340 for CVE-2017-9412","url":"https://bugzilla.suse.com/1082340"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-02-26T07:35:52Z","details":"moderate"}],"title":"CVE-2017-9412"},{"cve":"CVE-2017-9869","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2017-9869"}],"notes":[{"category":"general","text":"The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2017-9869","url":"https://www.suse.com/security/cve/CVE-2017-9869"},{"category":"external","summary":"SUSE Bug 1082395 for CVE-2017-9869","url":"https://bugzilla.suse.com/1082395"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-02-26T07:35:52Z","details":"moderate"}],"title":"CVE-2017-9869"},{"cve":"CVE-2017-9870","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2017-9870"}],"notes":[{"category":"general","text":"The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the \"block_type == 2\" case, a similar issue to CVE-2017-11126.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2017-9870","url":"https://www.suse.com/security/cve/CVE-2017-9870"},{"category":"external","summary":"SUSE Bug 1046766 for CVE-2017-9870","url":"https://bugzilla.suse.com/1046766"},{"category":"external","summary":"SUSE Bug 1082393 for CVE-2017-9870","url":"https://bugzilla.suse.com/1082393"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-02-26T07:35:52Z","details":"moderate"}],"title":"CVE-2017-9870"},{"cve":"CVE-2017-9871","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2017-9871"}],"notes":[{"category":"general","text":"The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2017-9871","url":"https://www.suse.com/security/cve/CVE-2017-9871"},{"category":"external","summary":"SUSE Bug 1082392 for CVE-2017-9871","url":"https://bugzilla.suse.com/1082392"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.0"},"products":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-02-26T07:35:52Z","details":"important"}],"title":"CVE-2017-9871"},{"cve":"CVE-2017-9872","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2017-9872"}],"notes":[{"category":"general","text":"The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2017-9872","url":"https://www.suse.com/security/cve/CVE-2017-9872"},{"category":"external","summary":"SUSE Bug 1082391 for CVE-2017-9872","url":"https://bugzilla.suse.com/1082391"},{"category":"external","summary":"SUSE Bug 1092153 for CVE-2017-9872","url":"https://bugzilla.suse.com/1092153"},{"category":"external","summary":"SUSE Bug 1199458 for CVE-2017-9872","url":"https://bugzilla.suse.com/1199458"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.0"},"products":["SUSE Package Hub 12 SP2:lame-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-doc-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.s390x","SUSE Package Hub 12 SP2:lame-mp3rtp-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame-devel-3.100-6.1.x86_64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.aarch64","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.ppc64le","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.s390x","SUSE Package Hub 12 SP2:libmp3lame0-3.100-6.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-02-26T07:35:52Z","details":"important"}],"title":"CVE-2017-9872"}]}