CVE-2004-0991Improper Restriction of Operations within the Bounds of a Memory Buffer in Mpg123

6 documents6 sources
Severity
7.5HIGHNVD
EPSS
5.0%
top 10.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mp3gainMpg123Suse Linux
Timeline
PublishedJan 11
Latest updateApr 29

Description

Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via frame headers in MP2 or MP3 files.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

Debianmpg123/mpg123< 0.59r-19+3
NVDmpg123/mpg1237 versions+6
Debianmp3gain/mp3gain< 1.5.2-r2-6+3
NVDsuse/suse_linux6 versions+5

Patches

Patch: security.gentoo.orgPatch: security.gentoo.org

🔴Vulnerability Details

3
GHSA
GHSA-r5v6-x492-jm2p: Buffer overflow in mpg123 before 02022-04-29
CVEList
CVE-2004-0991: Buffer overflow in mpg123 before 02005-01-19
OSV
CVE-2004-0991: Buffer overflow in mpg123 before 02005-01-11

💥Exploits & PoCs

1
Exploit-DB
Comersus Cart 5.0 - HTTP Response Splitting2004-09-01

📋Vendor Advisories

1
Debian
CVE-2004-0991: mp3gain - Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arb...2004
CVE-2004-0991 — Mpg123 vulnerability | cvebase