CVE-2003-0577 — Mpg123 vulnerability

5 documents5 sources

Severity

7.5HIGHNVD

EPSS

5.2%

top 10.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mp3gain Mpg123

Timeline

PublishedAug 18

Latest updateMay 3

Description

mpg123 0.59r allows remote attackers to cause a denial of service and possibly execute arbitrary code via an MP3 file with a zero bitrate, which creates a negative frame size.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶Debianmpg123/mpg123< 0.59r-1+3

▶NVDmpg123/mpg1230.59r, pre0.59s+1

▶Debianmp3gain/mp3gain< 1.5.2-r2-6+3

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-4p3c-rrcv-8gx9: mpg123 0↗2022-05-03

▶

OSV

CVE-2003-0577: mpg123 0↗2003-08-18

▶

CVEList

CVE-2003-0577: mpg123 0↗2003-07-17

▶

📋Vendor Advisories

Debian

CVE-2003-0577: mp3gain - mpg123 0.59r allows remote attackers to cause a denial of service and possibly e...↗2003

▶