In association with heise online

15 August 2007, 08:53

Security vulnerability in Streamripper

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Streamripper, a popular MP3 media stream ripper for Unix and Windows, can be attacked using manipulated servers to inject malicious code and execute this code with the user's privileges. This is due to a buffer overflow when processing crafted http headers.

According to a security advisory from Chris Rohlf, excess length parameters in the Location: and Server: fields in the http header trigger buffer overflows. The vulnerabilities affect Streamripper 1.62.1 and possibly older versions. The development team have since made version 1.62.2 of both the program and the Winamp plugin available for download. This version fixes the vulnerabilities. Users of the application should install the latest version as soon as possible.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit