Package: mpg123 Version: 0.59r-21 Severity: grave Tags: security cite: "Unspecified vulnerability in mpg123 0.59r allows user-complicit attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE: this issue might be related to CVE-2004-0991, but it is not clear."
Version 0.59r-21 should be fixed against CVE-2004-0991 but segfaults with the poc-exploit. So it seems to be a different vulnerability than CVE-2004-0991. gdb says the segfault is in layer3.c:1185, but debugging this is beyond me. If you fix it, please mention the CVE-id in the changelog. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]