CVE-2009-1301

Published: 4/16/2009 Last updated: 8/7/2024 Reserved: 4/16/2009

Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (1)

conf-libmpg123

Products affected (1)

Product	Vendor	Version
n/a	n/a	n/a

References (18)

http://www.mandriva.com/security/advisories?name=MDVSA-2009:093
http://secunia.com/advisories/34748
http://secunia.com/advisories/34587
http://www.securityfocus.com/bid/34381
http://www.vupen.com/english/advisories/2009/0936
http://bugs.gentoo.org/show_bug.cgi?id=265342
http://sourceforge.net/project/shownotes.php?release_id=673696
http://www.gentoo.org/security/en/glsa/glsa-200904-15.xml
http://sourceforge.net/mailarchive/message.php?msg_name=20090405211856.41696433@sunscreen.local
http://bugs.gentoo.org/show_bug.cgi?id=265342
http://sourceforge.net/project/shownotes.php?release_id=673696
http://www.mandriva.com/security/advisories?name=MDVSA-2009:093
http://secunia.com/advisories/34748
http://secunia.com/advisories/34587
http://www.securityfocus.com/bid/34381
http://www.vupen.com/english/advisories/2009/0936
http://www.gentoo.org/security/en/glsa/glsa-200904-15.xml
http://sourceforge.net/mailarchive/message.php?msg_name=20090405211856.41696433@sunscreen.local