Back to search
CVE-2009-1301
Published: Apr 16, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://bugs.gentoo.org/show_bug.cgi?id=265342
x_refsource_CONFIRM
http://sourceforge.net/project/shownotes.php?release_id=673696
x_refsource_CONFIRM
MDVSA-2009:093
vendor-advisory
x_refsource_MANDRIVA
34748
third-party-advisory
x_refsource_SECUNIA
34587
third-party-advisory
x_refsource_SECUNIA
34381
vdb-entry
x_refsource_BID
ADV-2009-0936
vdb-entry
x_refsource_VUPEN
GLSA-200904-15
vendor-advisory
x_refsource_GENTOO
[mpg123-devel] 20090405 mpg123 1.7.2 is out -- important security fix!
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now