Package: mpeg3-utils Version: 1.5.4-5 Severity: grave Tags: security Justification: user security hole
mpeg3cat has a buffer overflow vulnerability. A PoC file is attached. gdb --args /usr/bin/mpeg3cat foo.mp3 Program received signal SIGSEGV, Segmentation fault. 0x41414141 in ?? () (gdb) -- System Information: Debian Release: 7.1 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.2.0-3-686-pae (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages mpeg3-utils depends on: ii libc6 2.13-38 ii libmpeg3-1 1.5.4-5 mpeg3-utils recommends no packages. mpeg3-utils suggests no packages. -- no debconf information
foo.mp3
Description: audio/mpeg
