Some vulnerabilities in Streamripper, which can be exploited by malicious people to compromise a user's system.

Some vulnerabilities in Streamripper, which can be exploited by malicious people to compromise a user's system.

1) A boundary error exists within the function "http_parse_sc_header()" in lib/http.c when parsing an overly long HTTP header starting with "Zwitterion v".

2) A boundary error exists within the function "http_get_pls()" in lib/http.c when parsing a specially crafted pls playlist containing an overly long entry.

3) A boundary error exists within the function "http_get_m3u()" in lib/http.c when parsing a specially crafted m3u playlist containing an overly long "File" entry.

Successful exploitation allows the execution of arbitrary code, but requires that a user is tricked into connecting to a malicious server.

The vulnerabilities are confirmed in version 1.63.5. Other versions may also be affected.

Patches should be available soon.