FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mpg123 -- buffer overflow vulnerability

Affected packages
mpg123 < 0.59r_17
mpg123-esound < 0.59r_17
mpg123-nas < 0.59r_17

Details

VuXML ID 3cc84400-6576-11d9-a9e7-0001020eed82
Discovery 2005-01-01
Entry 2005-01-13

Yuri D'Elia has found a buffer overflow vulnerability in mpg123's parsing of frame headers in input streams. This vulnerability can potentially lead to execution of arbitrary code with the permissions of the user running mpg123, if the user runs mpg123 on a specially crafted MP2 or MP3 file.

References

CVE Name CVE-2004-0991