Bug#838960: denial of service with crafted id3v2 tags in all mpg123 versions since 0.60

Thomas Orgis thomas-forum at orgis.org
Tue Sep 27 05:47:55 UTC 2016


Package: mpg123

This is mpg123 upstream formally informing you of a vulnerability
(crash on illegal memory read) in all mpg123 versions since 0.60, so
very likely all Debian versions of mpg123 and libmpg123 are affected.

See more detail at http://mpg123.org/bugs/240 . A one-line fix for any
version is this:

	perl -pi -e 's:(while\()(tagpos < length-10\)):${1}length >= 10 && $2:' $(find src -name id3.c)


Alrighty then,

Thomas
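
The following is an added example, not part of the original message and not mpg123 source code. It shows why the `length >= 10 &&` guard in the one-line fix matters, assuming `tagpos` and `length` are `unsigned long` (the message does not state their types) and a simplified ID3v2.3 frame layout with a plain big-endian size; all function names and the sample tag are constructed for illustration.

```c
/* Added illustration, not mpg123 source. Assumes tagpos/length are unsigned long. */
#include <stdio.h>

#define FRAME_HDR 10UL /* ID3v2.3 frame header: 4-byte id, 4-byte size, 2-byte flags */

/* Constructed sample tag body: one "TIT2" frame carrying 3 data bytes. */
static const unsigned char sample_tag[] = {
    'T','I','T','2', 0,0,0,3, 0,0, 'a','b','c'
};

/* Condition before the fix: length-10 wraps to a huge value when length < 10. */
static int cond_before(unsigned long tagpos, unsigned long length)
{
    return tagpos < length - FRAME_HDR;
}

/* Condition after the fix: subtract only once length covers a frame header. */
static int cond_after(unsigned long tagpos, unsigned long length)
{
    return length >= FRAME_HDR && tagpos < length - FRAME_HDR;
}

/* Count complete frames using the fixed condition; never reads past buf[length-1]. */
static int count_frames(const unsigned char *buf, unsigned long length)
{
    unsigned long tagpos = 0;
    int frames = 0;
    while (cond_after(tagpos, length)) {
        const unsigned char *h = buf + tagpos;
        unsigned long fsize = ((unsigned long)h[4] << 24) | ((unsigned long)h[5] << 16)
                            | ((unsigned long)h[6] << 8) | h[7];
        if (h[0] == 0) break;                            /* padding reached */
        if (fsize > length - FRAME_HDR - tagpos) break;  /* frame overruns the tag */
        tagpos += FRAME_HDR + fsize;
        frames++;
    }
    return frames;
}

int main(void)
{
    printf("length=4:  before=%d after=%d\n", cond_before(0, 4), cond_after(0, 4));
    printf("length=13: before=%d after=%d frames=%d\n", cond_before(0, 13),
           cond_after(0, 13), count_frames(sample_tag, sizeof sample_tag));
    return 0;
}
```

With a declared length of 4, the unguarded condition is true and a parser would enter the loop on a buffer too short to hold a frame header, while the guarded condition rejects it before any read.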