Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1284 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mpg123

6 documents6 sources

Severity

10.0CRITICALNVD

EPSS

5.8%

top 9.46%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mpg123

Timeline

PublishedJan 10

Latest updateApr 29

Description

Buffer overflow in the find_next_file function in playlist.c for mpg123 0.59r allows remote attackers to execute arbitrary code via a crafted MP3 playlist.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶Debianmpg123/mpg123< 0.59r-20+3

▶NVDmpg123/mpg1237 versions+6

🔴Vulnerability Details

GHSA

GHSA-rch8-32r3-qf35: Buffer overflow in the find_next_file function in playlist↗2022-04-29

▶

OSV

CVE-2004-1284: Buffer overflow in the find_next_file function in playlist↗2005-01-10

▶

CVEList

CVE-2004-1284: Buffer overflow in the find_next_file function in playlist↗2004-12-22

▶

💥Exploits & PoCs

Exploit-DB

MPG123 0.59 - Find Next File Remote Client-Side Buffer Overflow↗2004-12-15

▶

📋Vendor Advisories

Debian

CVE-2004-1284: mpg123 - Buffer overflow in the find_next_file function in playlist.c for mpg123 0.59r al...↗2004

▶