[MBT] new ticket for pkg mpg321 "Possible format string vulnerability"
bugs at pld-linux.org
bugs at pld-linux.org
Wed Jan 28 15:56:15 CET 2004
Date: 2004-01-28 15:56:14+01 Author: (kreutzm) <kreutzm at itp.uni-hannover.de>
Title: Possible format string vulnerability
Ticket ID: #812
Ticket URL: http://bugs.pld-linux.org/?bug=812
Package: mpg321-2:0.2.10-2
Distribution: PLD-1.0.main
Category: security problem
Current state: opened
Text:
See CAN-2003-969 for details:
mpg321 0.2.10 allows remote attackers to overwrite memory and possibly execute arbitrary code via an mp3 file that passes certain strings to the printf function, possibly triggering a format string vulnerability.
More information about the pld-bugs
mailing list