[Bug 370031] Re: Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code
Jamie Strandboge
jamie at ubuntu.com
Thu May 14 23:19:55 UTC 2009
mpg123 (0.67-1ubuntu0.1) hardy-security; urgency=low
* SECURITY UPDATE: Integer signedness error in the store_id3_text function
in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause
a denial of service (out-of-bounds memory access) and possibly execute
arbitrary code via an ID3 tag with a negative encoding value. (LP: 370031).
- src/id3.c: Inline patch from upstream SVN rev 1920.
- http://www.mpg123.org/cgi-bin/viewvc.cgi/tags/1.7.2/?view=log
- CVE-2009-1301
** Changed in: mpg123 (Ubuntu Hardy)
Status: Fix Committed => Fix Released
--
Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code
https://bugs.launchpad.net/bugs/370031
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list