mpg123 0.59r allows remote attackers to cause a denial of service and possibly execute arbitrary code via an MP3 file with a zero bitrate, which creates a negative frame size.
http://www.securityfocus.com/bid/6629
http://www.securityfocus.com/archive/1/306903
http://www.mandriva.com/security/advisories?name=MDKSA-2003:078
http://secunia.com/advisories/7875
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000695