FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mpg123 -- playlist processing buffer overflow vulnerability

Affected packages
mpg123 <= 0.59r_15
mpg123-esound <= 0.59r_15
mpg123-nas <= 0.59r_15

Details

VuXML ID 877e918e-5362-11d9-96d4-00065be4b5b6
Discovery 2004-12-15
Entry 2005-01-03
Modified 2005-01-13

A buffer overflow vulnerability exists in the playlist processing of mpg123. A specially crafted playlist entry can overflow a buffer on the stack, which can be used to inject arbitrary code into the mpg123 process.

Note that a malicious playlist demonstrating this vulnerability was released by the bug finder and may be used as a template by attackers.

References

Bugtraq ID 11958
CVE Name CVE-2004-1284
Message [email protected]
URL http://secunia.com/advisories/13511/
URL http://tigger.uic.edu/~jlongs2/holes/mpg123.txt
URL http://xforce.iss.net/xforce/xfdb/18626
