[Bug 370031] Re: Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code

Stefan Lesicnik stefan at lsd.co.za
Fri May 1 20:10:55 UTC 2009


Dapper code seems to not be affected. There is no id3.c and grepping for
the strings also returns no results.

There is no released POC for this exploit and no inbuilt tests. The
resulting .dsc was built on all releases and builds ok.

Testing was done to ensure that mpg123 still works as expected by
playing random mp3 files and checking the id3 tag information was
displayed.

The patch itself is of low impact as it introduces no ABI / API changes
but just converts an integer to an unsigned integer.

-- 
https://bugs.launchpad.net/bugs/370031
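
The bug class named in the report title, and the kind of fix the message describes (a signed length changed to unsigned), shown as an added illustration that is not part of the original message and is not mpg123's code. The frame layout (4-byte big-endian size followed by text), the buffer size and all function names are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TEXT_CAP 64 /* constructed destination size, not mpg123's */

/* Read the 32-bit big-endian size field of the constructed frame. */
static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* "Before" pattern: the size is held in a signed int. A field with the top
 * bit set turns negative (on the usual two's-complement targets), passes the
 * upper-bound check, and becomes a huge size_t when handed to memcpy.
 * Returns the count memcpy would receive, 0 if rejected; no copy is done. */
static size_t accepted_len_signed(const unsigned char *hdr) {
    int len = (int)be32(hdr);
    if (len > TEXT_CAP) return 0;
    return (size_t)len;
}

/* "After" pattern: same check with an unsigned length, so a large field is
 * compared as a large value and rejected. */
static size_t accepted_len_unsigned(const unsigned char *hdr) {
    unsigned int len = be32(hdr);
    if (len > (unsigned int)TEXT_CAP) return 0;
    return (size_t)len;
}

/* Store the text using the unsigned check, also bounding the length by the
 * bytes actually present. dst must hold TEXT_CAP bytes. Returns the number
 * of bytes stored, or -1 if the frame is rejected. */
static int store_text(char *dst, const unsigned char *frame, size_t frame_len) {
    if (frame_len < 4) return -1;
    size_t len = accepted_len_unsigned(frame);
    if (len == 0 || len >= TEXT_CAP || len > frame_len - 4) return -1;
    memcpy(dst, frame + 4, len);
    dst[len] = '\0';
    return (int)len;
}

int main(void) {
    const unsigned char bad[4] = {0xFF, 0xFF, 0xFF, 0xF0}; /* constructed */
    printf("signed check passes length:   %zu\n", accepted_len_signed(bad));
    printf("unsigned check passes length: %zu\n", accepted_len_unsigned(bad));
    return 0;
}
```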