View at Official ubuntu advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2017-9871 low priority: Ubuntu including 1 source packages (lame), 22 status rows across 22 suites (artful, bionic, cosmic, disco, eoan, focal, groovy, hirsute, impish, jammy, kinetic, lunar, mantic, noble, oracular, plucky, questing, trusty, upstream, xenial, yakkety, zesty): not-affected 18, ignored 2, needed 1, released 1.
The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.