ID CVE-2004-0991
Summary Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via frame headers in MP2 or MP3 files.
References
Vulnerable Configurations
  • cpe:2.3:a:mpg123:mpg123:0.59m
    cpe:2.3:a:mpg123:mpg123:0.59m
  • cpe:2.3:a:mpg123:mpg123:0.59n
    cpe:2.3:a:mpg123:mpg123:0.59n
  • cpe:2.3:a:mpg123:mpg123:0.59o
    cpe:2.3:a:mpg123:mpg123:0.59o
  • cpe:2.3:a:mpg123:mpg123:0.59p
    cpe:2.3:a:mpg123:mpg123:0.59p
  • cpe:2.3:a:mpg123:mpg123:0.59q
    cpe:2.3:a:mpg123:mpg123:0.59q
  • cpe:2.3:a:mpg123:mpg123:0.59r
    cpe:2.3:a:mpg123:mpg123:0.59r
  • cpe:2.3:a:mpg123:mpg123:0.59s
    cpe:2.3:a:mpg123:mpg123:0.59s
  • SuSE SuSE Linux 8.0
    cpe:2.3:o:suse:suse_linux:8.0
  • cpe:2.3:o:suse:suse_linux:8.0:-:i386
    cpe:2.3:o:suse:suse_linux:8.0:-:i386
  • SuSE SuSE Linux 8.1
    cpe:2.3:o:suse:suse_linux:8.1
  • SuSE SuSE Linux 8.2
    cpe:2.3:o:suse:suse_linux:8.2
  • SuSE SuSE Linux 9.0
    cpe:2.3:o:suse:suse_linux:9.0
  • cpe:2.3:o:suse:suse_linux:9.0:-:x86_64
    cpe:2.3:o:suse:suse_linux:9.0:-:x86_64
  • SuSE SuSE Linux 9.1
    cpe:2.3:o:suse:suse_linux:9.1
  • SuSE SuSE Linux 9.2
    cpe:2.3:o:suse:suse_linux:9.2
CVSS
Base: 7.5 (as of 17-06-2005 - 14:17)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200501-14.NASL
    description The remote host is affected by the vulnerability described in GLSA-200501-14 (mpg123: Buffer overflow) mpg123 improperly parses frame headers in input streams. Impact : By inducing a user to play a malicious file, an attacker may be able to exploit a buffer overflow to execute arbitrary code with the permissions of the user running mpg123. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 16405
    published 2005-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16405
    title GLSA-200501-14 : mpg123: Buffer overflow
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_3CC84400657611D9A9E70001020EED82.NASL
    description Yuri D'Elia has found a buffer overflow vulnerability in mpg123's parsing of frame headers in input streams. This vulnerability can potentially lead to execution of arbitrary code with the permissions of the user running mpg123, if the user runs mpg123 on a specially crafted MP2 or MP3 file.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 18907
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18907
    title FreeBSD : mpg123 -- buffer overflow vulnerability (3cc84400-6576-11d9-a9e7-0001020eed82)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-009.NASL
    description A vulnerability in mpg123's ability to parse frame headers in input streams could allow a malicious file to exploit a buffer overflow and execute arbitrary code with the permissions of the user running mpg123. The updated packages have been patched to prevent these problems.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 16218
    published 2005-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16218
    title Mandrake Linux Security Advisory : mpg123 (MDKSA-2005:009)
refmap via4
bid 12218
gentoo GLSA-200501-14
mandrake MDKSA-2005:009
secunia
  • 13779
  • 13788
  • 13899
Last major update 10-09-2008 - 15:28
Published 11-01-2005 - 00:00
Back to Top