CVE-2004-0982 - Bustled Clamps

Description

Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL.

Reference

http://www.securityfocus.com/bid/11468 http://www.debian.org/security/2004/dsa-578 http://www.barrossecurity.com/advisories/mpg123_getauthfromurl_bof_advisory.txt http://www.barrossecurity.com/advisories/mpg123_getauthfromurl_bof_advisory.txt http://www.gentoo.org/security/en/glsa/glsa-200410-27.xml http://www.osvdb.org/11023 http://securitytracker.com/id?1011832 http://secunia.com/advisories/12908 http://marc.info/?l=bugtraq&m=109834486312407&w=2 20041019 mpg123 \getauthfromurl
buffer overflow https://exchange.xforce.ibmcloud.com/vulnerabilities/17574 mpg123-getauthfromurl-bo(17574)