[MPlayer-dev-eng] [PATCH] [SECURITY] buffer overflow in mp3lib
Diego Biurrun
diego at biurrun.de
Fri Sep 10 19:31:23 CEST 2004
Hi!
The following patch was just pointed out to me on IRC, it comes from
OpenBSD and appears to fix a buffer overflow in mp3lib. Somebody
please review this quickly and commit
It's taken from here:
http://www.openbsd.org/cgi-bin/cvsweb.cgi/~checkout~/ports/audio/mpg123/patches/
http://www.openbsd.org/cgi-bin/cvsweb.cgi/~checkout~/ports/audio/mpg123/patches/patch-layer2_c?rev=1.1.4.1&content-type=text/plain
This is the log message:
fix buffer overflow, can allow arbitrary code execution by playing an mp3
with specially crafted header; "Davide Del Vecchio" <dante at alighieri.org>
Diego
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: patch-layer2_c
URL: <http://lists.mplayerhq.hu/pipermail/mplayer-dev-eng/attachments/20040910/41652534/attachment.txt>
More information about the MPlayer-dev-eng
mailing list