Summary: | mpg123 and derivatives have an exploitable bug. | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Spider (RETIRED) <spider> |
Component: | Current packages | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | critical | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
URL: | http://online.securityfocus.com/archive/1/306476 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Spider (RETIRED)
2003-01-16 22:32:48 UTC
We have the latest stable version in the tree, 0.59r, which is not vulnerable. However, a patch was posted to fix a bug in 0.59r:

Dear Benjamin Tober, Latest release mpg123 0.59r uses large enough buffer size and may not be exploited this way. But both versions have another bug in frame size calculation - zero bitrate will lead to negative frame size to be calculated. Unchecked patches: for 0.59r:

--- common.old 2003-01-15 21:42:15.000000000 +0300 +++ common.c 2003-01-15 21:42:38.000000000 +0300 @@ -123,7 +123,7 @@ return FALSE; if(!((head>>17)&3)) return FALSE; - if( ((head>>12)&0xf) == 0xf) + if( ((head>>12)&0xf) == 0xf || (head>>12)&0xf) == 0) return FALSE; if( ((head>>10)&0x3) == 0x3 ) return FALSE;

media-sound/mpg123-0.59s is now in the tree. Changing resolution to FIXED.
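
Review bot: The added `+` line in the common.c hunk has unbalanced parentheses: the second test, `(head>>12)&0xf) == 0`, is missing its opening parenthesis, so the file will not compile as posted (the mail itself labels the patch as unchecked). Write the new test as `((head>>12)&0xf) == 0`, matching the form of the existing `== 0xf` comparison. Since the same 4-bit field is now tested twice, it would also be clearer to extract `(head>>12)&0xf` into a local once and compare that against 0xf and 0, with a short comment that the zero value is rejected because it leads to the negative frame size described above.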