Vulnerability Details : CVE-2004-0982
Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL.
Vulnerability category: OverflowExecute code
Products affected by CVE-2004-0982
- cpe:2.3:a:mpg123:mpg123:0.59r:*:*:*:*:*:*:*
- cpe:2.3:a:mpg123:mpg123:pre0.59s:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-0982
3.74%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 91 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-0982
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2004-0982
-
http://marc.info/?l=bugtraq&m=109834486312407&w=2
'mpg123 "getauthfromurl" buffer overflow' - MARC
-
http://www.gentoo.org/security/en/glsa/glsa-200410-27.xml
mpg123: Buffer overflow vulnerabilities (GLSA 200410-27) — Gentoo security
-
http://securitytracker.com/id?1011832
GoDaddy Domain Name Search
-
http://www.barrossecurity.com/advisories/mpg123_getauthfromurl_bof_advisory.txt
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/17574
-
http://www.securityfocus.com/bid/11468
Patch;Vendor Advisory
-
http://www.debian.org/security/2004/dsa-578
[SECURITY] [DSA 578-1] New mpg123 packages fix arbitrary code executionPatch;Vendor Advisory
Jump to