6 Dec
2003
6 Dec
'03
7:47 p.m.
Juhana Sadeharju wrote:
Hello. I got following when I used mpg321
(/usr/bin/mpg123) on
file "www.modular2003.com/sounds/DirectHammond.mp3":
Title : Lazy (excerpt) Artist: Deep Purple
Album : Year : 2001
Comment: 100No such file or directoryade with Csoun softsynth
Genre : Hard Rock
What is that "100No such file or directory"??!! The end of mp3 file
looks following:
TAGLazy (excerpt)
Deep Purple
2001100% made with Csoun softsynthO
For what that feature can be used?
maybe to execute arbitrary code every time you
play a specially crafted
mp3 file :-/
Are my own files in danger?
Yes, in theory...
but I doubt anyone ever exploited this.
mpg123 gives following version numbers:
mpg321 version 0.2.9. Copyright (C) 2001, 2002 Joe Drew.
Version 0.59q (2002/03/23). Written and copyrights by Joe Drew.
Regards,
Juhana
it seems the string is passed to printf without being checked first.
I sent this to mpg321 author, too... AFAIK it's a common security bug,
and easy to fix.
--
Stefano Cavallari <stefano(a)cavallari.cjb.net>