Published: 2006-04-06 06:04:00
Revised: 2010-04-02 03:23:54

[Original] Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE: this issue might be related to CVE-2004-0991, but it is not clear.


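        mpg123 contains a buffer overflow in the III_i_stereo() function of layer3.c when processing MPEG 2.0 layer 3 files; an attacker may exploit this vulnerability to execute arbitrary code.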

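- CVSS (base score)

CVSS score: 6.5 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: [--]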

- CPE (affected platforms and products)


- OVAL (technical details for detection)


- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other links and resources
(UNKNOWN)  BID  17365

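- Vulnerability information

Medium risk  Buffer overflow
2006-04-06 00:00:00 2006-08-28 00:00:00
        mpg123 contains a buffer overflow in the III_i_stereo() function of layer3.c when processing MPEG 2.0 layer 3 files; an attacker may exploit this vulnerability to execute arbitrary code.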

- Advisories and patches

        mpg123 mpg123 0.59 r
        Debian mpg123-esd_0.59r-20sarge1_alpha.deb
        Debian GNU/Linux 3.1 alias sarge .59r-20sarge1_alpha.deb
        Debian mpg123-esd_0.59r-20sarge1_i386.deb
        Debian GNU/Linux 3.1 alias sarge .59r-20sarge1_i386.deb
        Debian mpg123-esd_0.59r-20sarge1_powerpc.deb
        Debian GNU/Linux 3.1 alias sarge .59r-20sarge1_powerpc.deb
        Debian mpg123-nas_0.59r-20sarge1_i386.deb
        Debian GNU/Linux 3.1 alias sarge .59r-20sarge1_i386.deb
        Debian mpg123-oss-3dnow_0.59r-20sarge1_i386.deb
        Debian GNU/Linux 3.1 alias sarge dnow_0.59r-20sarge1_i386.deb
        Debian mpg123-oss-i486_0.59r-20sarge1_i386.deb
        Debian GNU/Linux 3.1 alias sarge 486_0.59r-20sarge1_i386.deb
        Debian mpg123_0.59r-20sarge1_alpha.deb
        Debian GNU/Linux 3.1 alias sarge -20sarge1_alpha.deb
        Debian mpg123_0.59r-20sarge1_arm.deb
        Debian GNU/Linux 3.1 alias sarge -20sarge1_arm.deb
        Debian mpg123_0.59r-20sarge1_hppa.deb
        Debian GNU/Linux 3.1 alias sarge -20sarge1_hppa.deb
        Debian mpg123_0.59r-20sarge1_i386.deb
        Debian GNU/Linux 3.1 alias sarge -20sarge1_i386.deb
        Debian mpg123_0.59r-20sarge1_m68k.deb
        Debian GNU/Linux 3.1 alias sarge -20sarge1_m68k.deb
        Debian mpg123_0.59r-20sarge1_powerpc.deb
        Debian GNU/Linux 3.1 alias sarge -20sarge1_powerpc.deb
        Debian mpg123_0.59r-20sarge1_sparc.deb
        Debian GNU/Linux 3.1 alias sarge -20sarge1_sparc.deb
        Mandriva mpg123-0.59r-22.3.C30mdk.i586.rpm
        Mandriva Linux 2006.0:
        Mandriva mpg123-0.59r-22.3.C30mdk.src.rpm
        Mandriva Linux 2006.0:
        Mandriva mpg123-0.59r-22.3.C30mdk.x86_64.rpm
        Mandriva Linux 2006.0:
        Mandriva mpg123-0.59r-23.1.20060mdk.i586.rpm
        Mandriva Linux 2006.0:
        Mandriva mpg123-0.59r-23.1.20060mdk.src.rpm
        Mandriva Linux 2006.0:
        Mandriva mpg123-0.59r-23.1.20060mdk.x86_64.rpm
        Mandriva Linux 2006.0:

- Vulnerability information

mpg123 III_i_stereo() Function Overflow
Context Dependent Input Manipulation
Loss of Integrity Upgrade
Exploit Unknown Vendor Verified

- Vulnerability description

mpg123 contains an overflow condition in the handling of MPEG 2.0 layer 3 files. The issue is due to the 'III_i_stereo()' function in layer3.c not validating user-supplied input. With a specially crafted MPEG 2.0 layer 3 file, a context-dependent attacker can cause a buffer overflow, resulting in a denial of service or potentially execution of arbitrary code.

- Timeline

2006-05-25 Unknown
Unknown 2007-01-14

- Solution

It has been reported that this issue has been fixed. Upgrade to version 0.63, or higher, to address this vulnerability.

- References

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

MPG123 Malformed MP3 File Memory Corruption Vulnerability
Boundary Condition Error 17365
Yes No
2006-04-03 12:00:00 2006-11-29 01:09:00
Discovery is credited to Nitrous.

- Affected program versions

mpg123 mpg123 0.59 r
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Gentoo Linux 1.4
+ Gentoo Linux
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Mandriva Linux Mandrake 9.0
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1

- Discussion

The mpg123 application is prone to a memory-corruption vulnerability related to the handling of MP3 streams.

An attacker may be able to exploit this vulnerability to execute arbitrary code in the context of the user running the player, but this has not been confirmed.

This issue may be related to the one described in BID 12218 (MPG123 Layer 2 Frame Header Heap Overflow Vulnerability).

- Exploit

A proof-of-concept denial-of-service exploit is available.

- Solution

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at:

Please see the references for third-party vendor advisories and fixes.

mpg123 mpg123 0.59 r

- References