ksandre - 2005-03-29

I saw this yesterday at Security Focus.  (Some distributions' mpg321 v.0.2.10 are vulnerable.  No known exploits were reported.)

"mpg321 MP3 File Remote Format String Vulnerability"


"A remotely exploitable format string vulnerability is present in mpg321. This issue could be exploited if a malicious MP3 file is played by a user, either by opening the file manually or by streaming the malicious file. This will permit for execution of arbitrary code in the context of the user invoking the media player."