Jump to:

CVE-2017-11126

Jump to:

CVE-2017-11126

Package mpg123 updated to version 1.25.2-alt1 for branch sisyphus in task 185346.

Published: 2017-07-10
Modified: 2024-11-21

CVE-2017-11126

The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type != 2" case, a similar issue to CVE-2017-9870.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

http://openwall.com/lists/oss-security/2017/07/10/4
http://openwall.com/lists/oss-security/2017/07/10/4
https://blogs.gentoo.org/ago/2017/07/03/mpg123-global-buffer-overflow-in-iii_i_stereo-layer3-c/
https://blogs.gentoo.org/ago/2017/07/03/mpg123-global-buffer-overflow-in-iii_i_stereo-layer3-c/

Version: 2.1.0

Package mpg123 update in sisyphus on 2017-07-13

ALT-PU-2017-1861-1

Closed vulnerabilities

CVE-2017-11126