This patch was downloaded from https://sourceforge.net/p/mpg321/bugs/51/ and fixes CVE-2019-14247. Description: Handle illegal bitrate value Author: Chrysostomos Nanakos Bug-Debian: https://bugs.debian.org/870406 Bug-Debian: https://bugs.debian.org/887057 --- mpg321-0.3.2.orig/mad.c +++ mpg321-0.3.2/mad.c @@ -574,6 +574,12 @@ void scan(void const *ptr, ssize_t len, if (!is_vbr) { + if (header.bitrate <= 0) + { + fprintf(stderr, "Illegal bit allocation value\n"); + return; + } + double time = (len * 8.0) / (header.bitrate); /* time in seconds */ double timefrac = (double)time - ((long)(time)); long nsamples = 32 * MAD_NSBSAMPLES(&header); /* samples per frame */