CVE-2024-10573Out-of-bounds Write in Mpg123

CWE-787Out-of-bounds Write9 documents8 sources
Severity
6.7MEDIUMNVD
EPSS
0.1%
top 78.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mpg123
Timeline
PublishedOct 31
Latest updateNov 27

Description

An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making w

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages1 packages

Debianmpg123/mpg123< 1.26.4-1+deb11u1+3

🔴Vulnerability Details

3
OSV
CVE-2024-10573: An out-of-bounds write flaw was found in mpg123 when handling crafted streams2024-10-31
GHSA
GHSA-7m7j-pgpw-9g75: An out-of-bounds write flaw was found in mpg123 when handling crafted streams2024-10-31
CVEList
Mpg123: buffer overflow when writing decoded pcm samples2024-10-31

📋Vendor Advisories

4
Ubuntu
mpg123 vulnerability2024-11-27
Ubuntu
mpg123 vulnerability2024-11-05
Red Hat
mpg123: Buffer overflow when writing decoded PCM samples2024-10-30
Debian
CVE-2024-10573: mpg123 - An out-of-bounds write flaw was found in mpg123 when handling crafted streams. W...2024
CVE-2024-10573 — Out-of-bounds Write in Mpg123 | cvebase