FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libcdaudio -- remote buffer overflow and code execution

Affected packages
libcdaudio < 0.99.12p2_2

Details

VuXML ID bd730827-dfe0-11dd-a765-0030843d3802
Discovery 2008-11-05
Entry 2009-01-11

SecurityFocus reports:

The 'libcdaudio' library is prone to a remote heap code in the context of an application that uses the library. Failed attacks will cause denial-of-service conditions.

A buffer-overflow in Grip occurs when the software processes a response to a CDDB query that has more than 16 matches.

To exploit this issue, an attacker must be able to influence the response to a CDDB query, either by controlling a malicious CDDB server or through some other means. Successful exploits will allow arbitrary code to run.
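The defensive pattern for the condition described above, as an added example that is not code from libcdaudio or Grip: a parser for a multi-match CDDB reply that stores at most 16 entries and counts the rest instead of writing past the array. The "categ discid title" line layout terminated by a lone ".", and all struct and function names, are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAX_MATCHES 16   /* fixed capacity; the advisory's threshold */
struct match { char categ[32], discid[9], title[128]; };   /* assumed layout */
struct match_list { struct match m[MAX_MATCHES]; int count, dropped; };

/* Parse "categ discid title" lines up to a lone "."; -1 if no terminator. */
int parse_matches(const char *body, struct match_list *out)
{
    memset(out, 0, sizeof *out);
    while (*body) {
        size_t len = strcspn(body, "\r\n");
        char line[256];
        struct match t;
        if (len == 1 && body[0] == '.')
            return 0;
        if (len > 0 && len < sizeof line) {          /* over-long lines are skipped */
            memcpy(line, body, len);
            line[len] = '\0';
            if (sscanf(line, "%31s %8s %127[^\n]", t.categ, t.discid, t.title) == 3) {
                if (out->count < MAX_MATCHES)        /* the check that bounds the write */
                    out->m[out->count++] = t;
                else
                    out->dropped++;                  /* count, do not store */
            }
        }
        body += len + strspn(body + len, "\r\n");    /* step past the line ending */
    }
    return -1;
}

/* Constructed sample: a reply body listing n matches, then the terminator. */
int parse_constructed_reply(int n, struct match_list *out)
{
    static char buf[8192];
    size_t off = 0;
    for (int i = 0; i < n && off < sizeof buf - 64; i++)
        off += (size_t)snprintf(buf + off, sizeof buf - off,
                                "rock %08x Artist / Album %d\r\n", 0x1000u + i, i);
    snprintf(buf + off, sizeof buf - off, ".\r\n");
    return parse_matches(buf, out);
}

int main(void)
{
    struct match_list ml;
    int rc = parse_constructed_reply(20, &ml);       /* 20 > MAX_MATCHES */
    printf("rc=%d stored=%d dropped=%d\n", rc, ml.count, ml.dropped);
    return 0;
}
```

A non-zero `dropped` count is worth logging, since it means the server returned more matches than the client was built to hold.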

References

Bugtraq ID 12770
Bugtraq ID 32122
CVE Name CVE-2005-0706
CVE Name CVE-2008-5030