From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- metadata/glsa/glsa-200503-34.xml | 66 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 metadata/glsa/glsa-200503-34.xml (limited to 'metadata/glsa/glsa-200503-34.xml') diff --git a/metadata/glsa/glsa-200503-34.xml b/metadata/glsa/glsa-200503-34.xml new file mode 100644 index 000000000000..648a7d482b5f --- /dev/null +++ b/metadata/glsa/glsa-200503-34.xml @@ -0,0 +1,66 @@ + + + + mpg321: Format string vulnerability + + A flaw in the processing of ID3 tags in mpg321 could potentially lead to + the execution of arbitrary code. + + mpg321 + 2005-03-28 + 2005-03-28: 01 + 86033 + remote + + + 0.2.10-r2 + 0.2.10-r2 + + + +

+ mpg321 is a GPL replacement for mpg123, a command line audio + player with support for ID3. ID3 is a tagging system that allows + metadata to be embedded within media files. +

+ + +

+ A routine security audit of the mpg321 package revealed a known + security issue remained unpatched. The vulnerability is a result of + mpg321 printing embedded ID3 data to the console in an unsafe manner. +

+ + +

+ Successful exploitation would require a victim to play a specially + crafted audio file using mpg321, potentially resulting in the execution + of arbitrary code. +

+ + +

+ There is no known workaround at this time. +

+ + +

+ All mpg321 users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/mpg321-0.2.10-r2" + + + CVE-2003-0969 + + + koon + + + taviso + + + jaervosz + + -- cgit v1.2.3