Some bug fixes in libmpg123, triggered by me asking for it (fuzzers swaying their aim from LAME towards mpg123):
Avoid memset(NULL, 0, 0) to calm down the paranoid.
Fix bug 252, invalid read of size 1 in ID3v2 parser due to forgotten offset from the frame flag bytes (unnoticed in practice for a long time). Fuzzers are in the house again. This one got CVE-2017-10683.
Avoid a mostly harmless conditional jump depending on uninitialised fr->lay in compute_bpf() (mpg123_position()) when track is not ready yet.
Fix undefined shifts on signed long mask in layer3.c (worked in practice, never right in theory). Code might be a bit faster now, even. Thanks to Agostino Sarubbo for reporting.
Unfortunately the first is not fixed upstream, let's wait.
It will be in 1.25.2
The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type != 2" case, a similar issue to CVE-2017-9870.
In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. A crafted input will lead to a remote denial of service attack.
Please test and mark stable: =media-sound/mpg123-1.25.2
Stable on alpha.
(In reply to Tobias Klausmann from comment #6)
> Stable on alpha.
Bullshit. Amd64 stable.
sparc was dropped to exp.
Stabilization done, thank you arches.
@Maintainer(s): Please clean the vulnerable version from the tree.
Gentoo Security Padawan
GLSA Vote: No
tree is clean: