The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type != 2" case, a similar issue to CVE-2017-9870. References: https://blogs.gentoo.org/ago/2017/07/03/mpg123-global-buffer-overflow-in-iii_i_stereo-layer3-c/ Upstream patch: https://scm.orgis.org/view/mpg123/trunk/src/libmpg123/layer3.c?view=patch&r1=4275&r2=4274&pathrev=4275
Created mpg123 tracking bugs for this issue: Affects: epel-7 [bug 1470103] Affects: fedora-all [bug 1470104]
Adding one issue. CVE-2017-10683 In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. A crafted input will lead to a denial of service attack. Product bug: https://bugzilla.redhat.com/show_bug.cgi?id=1465819
Adding one issue. CVE-2017-9545 The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows attackers to cause a denial of service (buffer over-read) via a crafted mp3 file. References: http://seclists.org/fulldisclosure/2017/Jul/65
CVE-2017-12797 Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow. https://sourceforge.net/p/mpg123/bugs/254/
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.