UbuntuUpdates.org

Package "libmpg123-0"

Name: libmpg123-0

Description:

MPEG layer 1/2/3 audio decoder (shared library)

Latest version: 1.22.4-1ubuntu0.1
Release: xenial (16.04)
Level: security
Repository: universe
Head package: mpg123
Homepage: http://mpg123.org/

Links


Download "libmpg123-0"


Other versions of "libmpg123-0" in Xenial

Repository Area Version
base universe 1.22.4-1
updates universe 1.22.4-1ubuntu0.1

Changelog

Version: 1.22.4-1ubuntu0.1 2018-09-06 18:06:39 UTC

  mpg123 (1.22.4-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Memory overread
    - debian/patches/CVE-2016-1000247.patch: fix DoS with crafted ID3v2
      tags.
    - CVE-2016-1000247
  * SECURITY UPDATE: Memory overread
    - debian/patches/CVE-2017-10683.patch: fix in id3.c
    - CVE-2017-10683

 -- Eduardo Barretto <email address hidden> Thu, 06 Sep 2018 12:23:27 -0300

CVE-2016-1000247 mpg123 memory overread
CVE-2017-10683 In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. A crafted input will lead to a remote den



About   -   Send Feedback to @ubuntu_updates