_______________________________________________________________________
Package : mpg123
Date : April 22, 2009
Affected: 2008.1, 2009.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in mpg123:
Integer signedness error in the store_id3_text function in the
ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a
denial of service (out-of-bounds memory access) and possibly execute
arbitrary code via an ID3 tag with a negative encoding value. NOTE:
some of these details are obtained from third party information
(CVE-2009-1301).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1301
_______________________________________________________________________