CVE-2007-0578Infinite Loop in Mpg123

5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
1.5%
top 18.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mpg123
Timeline
PublishedJan 30
Latest updateMay 1

Description

The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

Debianmpg123/mpg123< 0.61-5+3
NVDmpg123/mpg12311 versions+10

Patches

Patch: sourceforge.netPatch: www.mpg123.dePatch: www.securityfocus.com

🔴Vulnerability Details

3
GHSA
GHSA-qfpc-wg9f-4mr9: The http_open function in httpget2022-05-01
CVEList
CVE-2007-0578: The http_open function in httpget2007-01-30
OSV
CVE-2007-0578: The http_open function in httpget2007-01-30

📋Vendor Advisories

1
Debian
CVE-2007-0578: mpg123 - The http_open function in httpget.c in mpg123 before 0.64 allows remote attacker...2007
CVE-2007-0578 — Infinite Loop in Mpg123 | cvebase