[Bug 370031] Re: Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code
Stefan Lesicnik
stefan at lsd.co.za
Thu May 14 13:49:25 UTC 2009
Hey Jamie,
Dapper was marked invalid as the code seems to not be affected. There is
no id3.c and grepping for the strings for the fix also return no
results.
I have tested as much as I am able too.
mpg123 -v --rva-album file.mp3
mpg123 -v --long-tag file.mp3
Functions as expected. (These are all the related id3 tag functions
from the manpage that could possibly trigger the function).
I played random files to determine that the id3 information is still
displayed correctly and can find no errors.
--
Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code
https://bugs.launchpad.net/bugs/370031
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list