Mpg123 : Security Vulnerabilities, CVEs, CVSS score >= 9

CVE-2009-1301

Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information.
Max CVSS
10.0
EPSS Score
9.19%
Published
2009-04-16
Updated
2009-04-29

CVE-2004-1284

Buffer overflow in the find_next_file function in playlist.c for mpg123 0.59r allows remote attackers to execute arbitrary code via a crafted MP3 playlist.
Max CVSS
10.0
EPSS Score
5.00%
Published
2005-01-10
Updated
2017-07-11

CVE-2004-0982

Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL.
Max CVSS
10.0
EPSS Score
3.74%
Published
2005-02-09
Updated
2017-07-11
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close