Description: Fix DoS with crafted ID3v2 tags
Author: Thomas Orgis <thomas-forum@orgis.org>
Bug: https://sourceforge.net/p/mpg123/bugs/240/
Bug-Debian: https://bugs.debian.org/838960
Applied-Upstream: 1.23.8
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/src/libmpg123/id3.c
+++ b/src/libmpg123/id3.c
@@ -752,7 +752,7 @@ int parse_new_id3(mpg123_handle *fr, uns
 unsigned long fflags; /* need 16 bits, actually */
 id[4] = 0;
 /* pos now advanced after ext head, now a frame has to follow */
- while(tagpos < length-10) /* I want to read at least a full header */
+ while(length >= 10 && tagpos < length-10) /* I want to read at least a full header */
 {
 int i = 0;
 unsigned long pos = tagpos;
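Review bot: The new `length >= 10` guard in the `while` condition has no comment saying why it is needed; the trailing comment still only describes the full-header intent. The declaration of `length` is outside the hunk, but if it is unsigned like `pos` and `fflags`, `length-10` wraps to a very large value for tags shorter than 10 bytes, which is presumably how a crafted tag got the loop to read past the buffer. I would add `/* length is unsigned: length-10 wraps when length < 10, so test that first */` directly above the loop so the guard is not dropped in a later cleanup. The loop body continues outside the hunk, so it cannot be confirmed from here that the per-frame size parsed inside is also bounded against the bytes remaining after `pos`; that check is worth verifying alongside this one.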