CVE-2004-0805
Description
Buffer overflow in mpg123 0.59r allows remote code execution via crafted MP3/MP2 files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A buffer overflow vulnerability exists in the layer2.c file of mpg123 versions 0.59r and possibly 0.59s. The flaw occurs during the decoding of layer2 frames in MPEG audio files. An attacker can trigger the overflow by providing a specially crafted MP3 or MP2 file that fails header checks, leading to memory corruption. The same vulnerable code is present in 0.59s, but additional header checks in that version prevent the specific test case from crashing; however, a more carefully crafted file might still exploit it [1][2].
Exploitation
An attacker needs to craft a malicious MP3 or MP2 file that exploits the buffer overflow. No authentication or special network position is required; the attacker can deliver the file via any means (e.g., email, download, web). The victim must play the file using a vulnerable version of mpg123. Upon processing the malformed audio data, the overflow occurs, potentially allowing the attacker to overwrite critical memory regions [1][2].
Impact
Successful exploitation allows arbitrary code execution with the privileges of the user running mpg123. This can lead to full compromise of the user's account, including access to files, data, and system resources. The impact is limited to the user's privilege level; it does not directly grant root access unless the user has elevated permissions [1][2].
Mitigation
The vulnerability is fixed in mpg123 version 0.59s-r4 as provided by the Gentoo Linux distribution [2]. A patch was contributed by Daniel Kobras, the Debian mpg123 package maintainer [1]. Users should upgrade to the patched version. No workaround is available; playing untrusted audio files with vulnerable versions should be avoided [2].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*
References
- www.debian.org/security/2004/dsa-564 (nvd; Patch, Vendor Advisory)
- lists.grok.org.uk/pipermail/full-disclosure/2004-September/026151.html (nvd)
- www.alighieri.org/advisories/advisory-mpg123.txt (nvd)
- www.gentoo.org/security/en/glsa/glsa-200409-20.xml (nvd)
- www.mandrakesecure.net/en/advisories/advisory.php (nvd)
- www.securityfocus.com/archive/1/374433 (nvd)
- www.securityfocus.com/bid/11121 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/17287 (nvd)