Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 14076 - mpg123 and derivates has an exploitable bug.
Summary: mpg123 and derivates has an exploitable bug.
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All All
: High critical (vote)
Assignee: Gentoo Security
Depends on:
Reported: 2003-01-16 22:32 UTC by Spider (RETIRED)
Modified: 2003-09-21 22:58 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Spider (RETIRED) gentoo-dev 2003-01-16 22:32:48 UTC
other link: has this stated:
16. Jan. 2003

      Important information about the Gobble Exploit: It seems, that only the
pre0.59s version is vulnerable. The hotfix is to increase the
MAX_INPUT_FRAMESIZE to a big value. Ie 4096. I will review the whole code this
weekend. I will also try to supply an mp3 checker this weekend. So it is not
necessary to remove all your mp3s. Just do not play them with a potentially
vulnerable player and check them later. Thanx. 

We need to check xmms as well as mpg123 for this. :/
Comment 1 Daniel Ahlberg (RETIRED) gentoo-dev 2003-01-17 03:38:47 UTC
We have the lastest stable version in the tree, 0.59r, which is not vulnerable. 
However, a patch was posted to fix a bug in 0.59r: 
Dear Benjamin Tober, 
Latest release mpg123 0.59r uses large enough buffer size and may not be 
exploited this way. But both versions have another one bug in frame size 
calculation  -  zero  bitrate  will  lead  to  negative frame size to be 
calculated. Unchecked patches: 
for 0.59r: 
--- common.old  2003-01-15 21:42:15.000000000 +0300 
+++ common.c    2003-01-15 21:42:38.000000000 +0300 
@@ -123,7 +123,7 @@ 
        return FALSE; 
        return FALSE; 
-    if( ((head>>12)&0xf) == 0xf) 
+    if( ((head>>12)&0xf) == 0xf || (head>>12)&0xf) == 0) 
        return FALSE; 
     if( ((head>>10)&0x3) == 0x3 ) 
        return FALSE; 
Comment 2 solar (RETIRED) gentoo-dev 2003-09-21 22:58:22 UTC
media-sound/mpg123-0.59s is now in the tree. 
changing resolution to FIXED