{
  "schema_version": "1.7.0",
  "id": "MGASA-2014-0067",
  "published": "2014-02-13T19:49:32Z",
  "modified": "2014-02-16T11:28:19Z",
  "summary": "Updated mpg123 packages fix a buffer overflow",
  "details": "Updated mpg123 packages fix security vulnerability:\n\nmpg123 1.14.1 and later are vulnerable to a buffer overflow that could allow\na maliciously crafted audio file to crash applications that use the libmpg123\nlibrary.\n\nmpg123 has been updated to version 1.18.0, which fixes this issue, as well as\nseveral others.\n",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2014-0067.html"
    },
    {
      "type": "WEB",
      "url": "http://mpg123.org/cgi-bin/news.cgi"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=12503"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:3",
        "name": "mpg123",
        "purl": "pkg:rpm/mageia/mpg123?arch=source&distro=mageia-3"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.18.0-1.mga3"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:4",
        "name": "mpg123",
        "purl": "pkg:rpm/mageia/mpg123?arch=source&distro=mageia-4"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.18.0-1.mga4"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}