[3.3] mpg123: global buffer overflow in III_i_stereo (layer3.c) (CVE-2017-11126)
The III_i_stereo function in libmpg123/layer3.c in mpg123 through
1.25.1 allows attackers to cause a denial of service (buffer over-read
and application crash) via a crafted audio file that is mishandled in
the code for the “block_type != 2” case, a similar issue to
CVE-2017-9870.
Fixed In Version:
mpg123 1.25.2
References:
http://openwall.com/lists/oss-security/2017/07/10/3
https://nvd.nist.gov/vuln/detail/CVE-2017-11126
Patch:
(from redmine: issue id 7598, created on 2017-07-24, closed on 2017-08-08)
- Relations:
  - parent #7594 (closed)
- Changesets:
  - Revision fa16ba1f by Natanael Copa on 2017-08-07T16:07:00Z:
    main/mpg123: security upgrade to 1.25.4 (CVE-2017-9545,CVE-2017-11126)
    fixes #7598