[Bug 370031] [NEW] Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code
Stefan Lesicnik
stefan at lsd.co.za
Thu Apr 30 19:38:05 UTC 2009
*** This bug is a security vulnerability ***
Public security bug reported:
Integer signedness error in the store_id3_text function in the ID3v2 code
in mpg123 before 1.7.2 allows remote attackers to cause a denial of service
(out-of-bounds memory access) and possibly execute arbitrary code via an
ID3 tag with a negative encoding value. NOTE: some of these details are
obtained from third party information.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1301
** Affects: mpg123 (Ubuntu)
Importance: Undecided
Assignee: Stefan Lesicnik (stefanlsd)
Status: In Progress
** Visibility changed to: Public
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-1301
--
Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code
https://bugs.launchpad.net/bugs/370031
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list