cbcvebase.
CVE-2004-0982
published 2005-02-09

Priority P433 | critical | 10 | CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 6.53% (92.9th percentile)
Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL.

Affected

13 ranges
Vendor | Product | Version range | Fixed in
debian | mpg123 | < mpg123 0.60-1 (bookworm) | mpg123 0.60-1 (bookworm)
debian | mpg123 | < mpg123 0.59r-18 (bookworm) | mpg123 0.59r-18 (bookworm)
mpg123 | mpg123 | |
mpg123 | mpg123 | |
mpg123 | mpg123 | |
mpg123 | mpg123 | >= 0 < 0.60-1 | 0.60-1
mpg123 | mpg123 | >= 0 < 0.59r-18 | 0.59r-18
mpg123 | mpg123 | >= 0 < 0.60-1 | 0.60-1
mpg123 | mpg123 | >= 0 < 0.59r-18 | 0.59r-18
mpg123 | mpg123 | >= 0 < 0.60-1 | 0.60-1
mpg123 | mpg123 | >= 0 < 0.59r-18 | 0.59r-18
mpg123 | mpg123 | >= 0 < 0.60-1 | 0.60-1
mpg123 | mpg123 | >= 0 < 0.59r-18 | 0.59r-18

CVSS provenance

nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C
osv | 10.0 | CRITICAL
vendor_debian | 10.0 | CRITICAL