CVE-2004-0982 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mpg123

5 documents5 sources

Severity

10.0CRITICALNVD

EPSS

8.2%

top 7.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mpg123

Timeline

PublishedFeb 9

Latest updateApr 29

Description

Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶Debianmpg123/mpg123< 0.59r-18+3

▶NVDmpg123/mpg1230.59r, pre0.59s+1

Patches

Patch: www.debian.org ↗Patch: www.securityfocus.com ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-j759-7prh-q6f5: Buffer overflow in the getauthfromURL function in httpget↗2022-04-29

▶

OSV

CVE-2004-0982: Buffer overflow in the getauthfromURL function in httpget↗2005-02-09

▶

CVEList

CVE-2004-0982: Buffer overflow in the getauthfromURL function in httpget↗2004-11-19

▶

📋Vendor Advisories

Debian

CVE-2004-0982: mpg123 - Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s a...↗2004

▶