Updated mpg123 packages fix security vulnerabilities
Publication date: 08 Aug 2017
Affected Mageia releases: 5, 6
The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service (buffer over-read) via a crafted mp3 file (CVE-2017-9545).

Invalid read of size 1 in the ID3v2 parser due to a forgotten offset from the frame flag bytes (CVE-2017-10683).

Extend pow tables for layer III to properly handle files with i-stereo and 5-bit scalefactors. Never observed them for real, just as fuzzed input to trigger the read overflow (CVE-2017-11126).