Juhana Sadeharju wrote: > Hello. I got following when I used mpg321 (/usr/bin/mpg123) on > file "www.modular2003.com/sounds/DirectHammond.mp3": > > Title : Lazy (excerpt) Artist: Deep Purple > Album : Year : 2001 > Comment: 100No such file or directoryade with Csoun softsynth > Genre : Hard Rock > > What is that "100No such file or directory"??!! The end of mp3 file > looks following: > TAGLazy (excerpt) > Deep Purple > 2001100% made with Csoun softsynthO > > For what that feature can be used? maybe to execute arbitrary code every time you play a specially crafted mp3 file :-/ > Are my own files in danger? Yes, in theory... but I doubt anyone ever exploited this. > > mpg123 gives following version numbers: > mpg321 version 0.2.9. Copyright (C) 2001, 2002 Joe Drew. > Version 0.59q (2002/03/23). Written and copyrights by Joe Drew. > > Regards, > Juhana it seems the string is passed to printf without being checked first. I sent this to mpg321 author, too... AFAIK it's a common security bug, and easy to fix. -- Stefano Cavallari <stefano@xxxxxxxxxxxxxxxxx> -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Questa parte del messaggio =?ISO-8859-1?Q?=E8?= firmata Url : http://music.columbia.edu/pipermail/linux-audio-user/attachments/20031207/c11feea1/attachment.bin