CVE-2004-0805 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mpg123

5 documents5 sources

Severity

7.5HIGHNVD

EPSS

5.8%

top 9.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mp3gain Mpg123 Mandrakesoft Mandrake Linux +1 more

Timeline

PublishedDec 23

Latest updateApr 29

Description

Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain (1) mp3 or (2) mp2 file.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages5 packages

▶Debianmpg123/mpg123< 0.59r-16+3

▶NVDmpg123/mpg1230.59r, 0.59s+1

▶Debianmp3gain/mp3gain< 1.5.2-r2-6+3

▶NVDmandrakesoft/mandrake_linux10.0, 9.2+1

▶NVDmandrakesoft/mandrake_linux_corporate_server2.1

Patches

Patch: www.debian.org ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-hqgq-rv4f-6j99: Buffer overflow in layer2↗2022-04-29

▶

OSV

CVE-2004-0805: Buffer overflow in layer2↗2004-12-23

▶

CVEList

CVE-2004-0805: Buffer overflow in layer2↗2004-10-20

▶

📋Vendor Advisories

Debian

CVE-2004-0805: mp3gain - Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows rem...↗2004

▶