Security vulnerability in Streamripper
Streamripper, a popular MP3 media stream ripper for Unix and Windows, can be attacked using manipulated servers to inject malicious code and execute this code with the user's privileges. This is due to a buffer overflow when processing crafted http headers.
According to a security advisory from Chris Rohlf, excess length parameters in the Location: and Server: fields in the http header trigger buffer overflows. The vulnerabilities affect Streamripper 1.62.1 and possibly older versions. The development team have since made version 1.62.2 of both the program and the Winamp plugin available for download. This version fixes the vulnerabilities. Users of the application should install the latest version as soon as possible.
- Streamripper 1.62.1 Security Advisory Multiple Buffer Overflows, security advisory from Chris Rohlf
- Download the latest version of Streamripper