CVE-2009-1301 — Mpg123 vulnerability

CWE-1897 documents6 sources

Severity

10.0CRITICALNVD

EPSS

8.8%

top 7.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mpg123

Timeline

PublishedApr 16

Latest updateMay 2

Description

Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶Debianmpg123/mpg123< 1.7.2-1+3

▶NVDmpg123/mpg1231.7.1+13

Patches

Patch: www.vupen.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-m2p5-8fw8-jgcg: Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1↗2022-05-02

▶

OSV

CVE-2009-1301: Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1↗2009-04-16

▶

CVEList

CVE-2009-1301: Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1↗2009-04-16

▶

💥Exploits & PoCs

Exploit-DB

Foxit Reader 3.0 - Open Execute Action Stack Buffer Overflow (Metasploit)↗2012-05-21

▶

Exploit-DB

Foxit Reader 3.0 (Build 1301) - PDF Universal Buffer Overflow↗2009-03-13

▶

📋Vendor Advisories

Debian

CVE-2009-1301: mpg123 - Integer signedness error in the store_id3_text function in the ID3v2 code in mpg...↗2009

▶