Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 134371

Summary: media-sound/mpg123: arbitrary code execution from buffer overflow
Product: Gentoo Security Reporter: Harlan Lieberman-Berg (RETIRED) <hlieberman>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: major CC: sound
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1655
Whiteboard: A2 [ebuild]
Package list:
Runtime testing required: ---

Description Harlan Lieberman-Berg (RETIRED) gentoo-dev 2006-05-25 16:50:07 UTC
This affects <=0.59r.  A sample exploit is located at: http://downloads.securityfocus.com/vulnerabilities/exploits/mpg1DoS3.pl

By tricking a user into playing a specially crafted file, an attacker can cause a SEGFAULT. There may also be other impacts.
Comment 1 Tim Yamin (RETIRED) gentoo-dev 2006-05-25 17:24:30 UTC
Tried with 0.59r and it broke; 0.59s doesn't break and we don't have 0.59r in the tree anymore either so bug invalid.