CVE-2006-1655: Improper Restriction of Operations within the Bounds of a Memory Buffer in Mpg123

5 documents, 5 sources
Severity: 6.5 MEDIUM (NVD); CNA 7.5; OSV 7.5
EPSS: 1.0% (top 22.99%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 6
Latest update: May 1

Description

Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE: this issue might be related to CVE-2004-0991, but it is not clear.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 8.0 | Impact: 6.4

Affected Packages (3 packages)

Debian: mpg123/mpg123 < 0.59r-22+3
NVD: mpg123/mpg123 0.59r
Debian: mp3gain/mp3gain < 1.5.2-r2-6+3

🔴 Vulnerability Details (3)

GHSA: GHSA-4wcr-9qqc-2rr4: Multiple buffer overflows in mpg123 0 (2022-05-01)
CVEList: CVE-2006-1655: Multiple buffer overflows in mpg123 0 (2006-04-06)
OSV: CVE-2006-1655: Multiple buffer overflows in mpg123 0 (2006-04-06)

📋 Vendor Advisories (1)

Debian: CVE-2006-1655: mp3gain - Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigg... (2006)