CVE-2009-1301

Name of the Vulnerable Software and Affected Versions mpg123 versions prior to 1.7.2

Description The issue is related to an integer signedness error in the store id3 text function within the ID3v2 code. This error can be triggered by an ID3 tag containing a negative encoding value, potentially leading to out-of-bounds memory access. As a result, remote attackers may cause a denial of service or possibly execute arbitrary code.

Recommendations For versions prior to 1.7.2, update to version 1.7.2 or later to resolve the issue.