CVE-2006-2465

Name: CVE-2006-2465
Description: Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this issue might not be a vulnerability.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 368207

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| mp3info (PTS) | bullseye | 0.8.5a-3 | fixed |
| | bookworm | 0.8.5a-5 | fixed |
| | sid, trixie | 0.8.5a+dfsg-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| mp3info | source | (unstable) | 0.8.4-9.1 | low | | 368207 |

Notes

[sarge] - mp3info <no-dsa> (Hardly exploitable)
