CVE-2004-0805
published 2004-12-23CVE-2004-0805: Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain (1) mp3 or (2) mp2 file.
PriorityP427high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
3.79%
88.6th percentile
Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain (1) mp3 or (2) mp2 file.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | mp3gain | < mp3gain 1.5.2-r2-6 (bookworm) | mp3gain 1.5.2-r2-6 (bookworm) |
| debian | mpg123 | < mp3gain 1.5.2-r2-6 (bookworm) | mp3gain 1.5.2-r2-6 (bookworm) |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux_corporate_server | — | — |
| mp3gain | mp3gain | >= 0 < 1.5.2-r2-6 | 1.5.2-r2-6 |
| mp3gain | mp3gain | >= 0 < 1.5.2-r2-6 | 1.5.2-r2-6 |
| mp3gain | mp3gain | >= 0 < 1.5.2-r2-6 | 1.5.2-r2-6 |
| mp3gain | mp3gain | >= 0 < 1.5.2-r2-6 | 1.5.2-r2-6 |
| mpg123 | mpg123 | — | — |
| mpg123 | mpg123 | — | — |
| mpg123 | mpg123 | >= 0 < 0.59r-16 | 0.59r-16 |
| mpg123 | mpg123 | >= 0 < 0.59r-16 | 0.59r-16 |
| mpg123 | mpg123 | >= 0 < 0.59r-16 | 0.59r-16 |
| mpg123 | mpg123 | >= 0 < 0.59r-16 | 0.59r-16 |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_debian7.5LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-hqgq-rv4f-6j99: Buffer overflow in layer2
ghsa_unreviewed·2022-04-29
CVE-2004-0805 [HIGH] GHSA-hqgq-rv4f-6j99: Buffer overflow in layer2
Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain (1) mp3 or (2) mp2 file.
OSV
CVE-2004-0805: Buffer overflow in layer2
osv·2004-12-23·CVSS 7.5
CVE-2004-0805 [HIGH] CVE-2004-0805: Buffer overflow in layer2
Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain (1) mp3 or (2) mp2 file.
Debian
CVE-2004-0805: mp3gain - Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows rem...
vendor_debian·2004·CVSS 7.5
CVE-2004-0805 [HIGH] CVE-2004-0805: mp3gain - Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows rem...
Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain (1) mp3 or (2) mp2 file.
Scope: local
bookworm: resolved (fixed in 1.5.2-r2-6)
bullseye: resolved (fixed in 1.5.2-r2-6)
forky: resolved (fixed in 1.5.2-r2-6)
sid: resolved (fixed in 1.5.2-r2-6)
trixie: resolved (fixed in 1.5.2-r2-6)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026151.htmlhttp://www.alighieri.org/advisories/advisory-mpg123.txthttp://www.debian.org/security/2004/dsa-564http://www.gentoo.org/security/en/glsa/glsa-200409-20.xmlhttp://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:100http://www.securityfocus.com/archive/1/374433http://www.securityfocus.com/bid/11121https://exchange.xforce.ibmcloud.com/vulnerabilities/17287http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026151.htmlhttp://www.alighieri.org/advisories/advisory-mpg123.txthttp://www.debian.org/security/2004/dsa-564http://www.gentoo.org/security/en/glsa/glsa-200409-20.xmlhttp://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:100http://www.securityfocus.com/archive/1/374433http://www.securityfocus.com/bid/11121https://exchange.xforce.ibmcloud.com/vulnerabilities/17287
2004-12-23
Published