ID CVE-2004-0982
Summary Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL.
References
Vulnerable Configurations
  • cpe:2.3:a:mpg123:mpg123:0.59r:*:*:*:*:*:*:*
    cpe:2.3:a:mpg123:mpg123:0.59r:*:*:*:*:*:*:*
  • cpe:2.3:a:mpg123:mpg123:pre0.59s:*:*:*:*:*:*:*
    cpe:2.3:a:mpg123:mpg123:pre0.59s:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 11468
bugtraq 20041019 mpg123 "getauthfromurl" buffer overflow
debian DSA-578
gentoo GLSA-200410-27
misc http://www.barrossecurity.com/advisories/mpg123_getauthfromurl_bof_advisory.txt
osvdb 11023
sectrack 1011832
secunia 12908
xf mpg123-getauthfromurl-bo(17574)
Last major update 11-07-2017 - 01:30
Published 09-02-2005 - 05:00
Last modified 11-07-2017 - 01:30
Back to Top