Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200607-01] mpg123: Heap overflow Vulnerability Scan
Vulnerability Scan Summary
mpg123: Heap overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200607-01
(mpg123: Heap overflow)
In httpdget.c, a variable is assigned to the heap, and is supposed to
receive a smaller allocation. As this variable was not terminated
properly, strncpy() will overwrite the data assigned next in memory.
By enticing a user to visit a malicious URL, an attacker could possibly
execute arbitrary code with the rights of the user running mpg123.
There is no known workaround at this time.
All mpg123 users should update to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-sound/mpg123-0.59s-r11"
Threat Level: Medium