Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via frame headers in MP2 or MP3 files.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mpg123 | Mpg123 | 0.59m (including) | 0.59m (including) |
| Mpg123 | Mpg123 | 0.59n (including) | 0.59n (including) |
| Mpg123 | Mpg123 | 0.59o (including) | 0.59o (including) |
| Mpg123 | Mpg123 | 0.59p (including) | 0.59p (including) |
| Mpg123 | Mpg123 | 0.59q (including) | 0.59q (including) |
| Mpg123 | Mpg123 | 0.59r (including) | 0.59r (including) |
| Mpg123 | Mpg123 | 0.59s (including) | 0.59s (including) |
| Mpg123 | Ubuntu | dapper | * |
| Mpg123 | Ubuntu | devel | * |
| Mpg123 | Ubuntu | edgy | * |
| Mpg123 | Ubuntu | feisty | * |
References
- http://secunia.com/advisories/13779
- http://secunia.com/advisories/13788
- http://secunia.com/advisories/13899
- http://security.gentoo.org/glsa/glsa-200501-14.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:009
- http://www.securityfocus.com/bid/12218
- http://secunia.com/advisories/13779
- http://secunia.com/advisories/13788
- http://secunia.com/advisories/13899
- http://security.gentoo.org/glsa/glsa-200501-14.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:009
- http://www.securityfocus.com/bid/12218