A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers to cause a possible denial-of-service (out-of-bounds read) or possibly have unspecified other impact via a crafted mp3 file.
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "binary_name": "libmpg123-0", "binary_version": "1.16.0-1ubuntu1.1+esm2" }, { "binary_name": "libmpg123-0-dbgsym", "binary_version": "1.16.0-1ubuntu1.1+esm2" }, { "binary_name": "libmpg123-dev", "binary_version": "1.16.0-1ubuntu1.1+esm2" }, { "binary_name": "mpg123", "binary_version": "1.16.0-1ubuntu1.1+esm2" }, { "binary_name": "mpg123-dbgsym", "binary_version": "1.16.0-1ubuntu1.1+esm2" } ], "ubuntu_priority": "low" }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_name": "libmpg123-0", "binary_version": "1.22.4-1ubuntu0.1+esm2" }, { "binary_name": "libmpg123-0-dbgsym", "binary_version": "1.22.4-1ubuntu0.1+esm2" }, { "binary_name": "libmpg123-dev", "binary_version": "1.22.4-1ubuntu0.1+esm2" }, { "binary_name": "mpg123", "binary_version": "1.22.4-1ubuntu0.1+esm2" }, { "binary_name": "mpg123-dbgsym", "binary_version": "1.22.4-1ubuntu0.1+esm2" } ], "ubuntu_priority": "low" }
{ "availability": "No subscription required", "binaries": [ { "binary_name": "libmpg123-0", "binary_version": "1.25.10-1" }, { "binary_name": "libmpg123-0-dbgsym", "binary_version": "1.25.10-1" }, { "binary_name": "libmpg123-dev", "binary_version": "1.25.10-1" }, { "binary_name": "libout123-0", "binary_version": "1.25.10-1" }, { "binary_name": "libout123-0-dbgsym", "binary_version": "1.25.10-1" }, { "binary_name": "mpg123", "binary_version": "1.25.10-1" }, { "binary_name": "mpg123-dbgsym", "binary_version": "1.25.10-1" } ], "ubuntu_priority": "low" }