FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mpg123 -- playlist processing buffer overflow vulnerability

Affected packages
mpg123 <= 0.59r_15
mpg123-esound <= 0.59r_15
mpg123-nas <= 0.59r_15

Details

VuXML ID: 877e918e-5362-11d9-96d4-00065be4b5b6
Discovery: 2004-12-15
Entry: 2005-01-03
Modified: 2005-01-13

A buffer overflow vulnerability exists in the playlist processing of mpg123. A specially crafted playlist entry can overflow a buffer on the stack, which can be used to inject arbitrary code into the mpg123 process.

Note that a malicious playlist demonstrating this vulnerability was released by the bug finder and may be used as a template by attackers.

References

Bugtraq ID: 11958
CVE Name: CVE-2004-1284
Message: 653D74053BA6F54A81ED83DCF969DF08CFA2AA@pivxes1.pivx.com
URL: http://secunia.com/advisories/13511/
URL: http://tigger.uic.edu/~jlongs2/holes/mpg123.txt
URL: http://xforce.iss.net/xforce/xfdb/18626