
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Buffer overflow in mpg123 before 1.18.0.

References:
http://www.openwall.com/lists/oss-security/2015/01/04/5
https://security.gentoo.org/glsa/201502-01
https://sourceforge.net/p/mpg123/bugs/201

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 | EPSS: 9% | CPEs: 14 | EXPL: 0

Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information.

References:
http://bugs.gentoo.org/show_bug.cgi?id=265342
http://secunia.com/advisories/34587
http://secunia.com/advisories/34748
http://sourceforge.net/mailarchive/message.php?msg_name=20090405211856.41696433%40sunscreen.local
http://sourceforge.net/project/shownotes.php?release_id=673696
http://www.gentoo.org/security/en/glsa/glsa-200904-15.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:093
http://www.securityfocus.com/bid/34381
http://www.vupen.com/english/advisories/2009/0936

CWE-189: Numeric Errors

CVSS: 4.3 | EPSS: 2% | CPEs: 11 | EXPL: 0

The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early.

References:
http://osvdb.org/40128
http://sourceforge.net/project/shownotes.php?group_id=135704&release_id=478747
http://www.mandriva.com/security/advisories?name=MDKSA-2007:032
http://www.mpg123.de/cgi-bin/news.cgi
http://www.securityfocus.com/bid/22274
http://www.vupen.com/english/advisories/2007/0366

CVSS: 7.5 | EPSS: 10% | CPEs: 1 | EXPL: 1

Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll allows remote attackers to execute arbitrary code via a long URL, which is not properly terminated before being used with the strncpy function. NOTE: This appears to be the result of an incomplete patch for CVE-2004-0982.

References:
https://www.exploit-db.com/exploits/28160
http://bugs.gentoo.org/show_bug.cgi?id=133988
http://secunia.com/advisories/20937
http://security.gentoo.org/glsa/glsa-200607-01.xml
http://www.securityfocus.com/bid/18794

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 2

Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE: this issue might be related to CVE-2004-0991, but it is not clear.

References:
http://downloads.securityfocus.com/vulnerabilities/exploits/mpg1DoS3.pl
http://secunia.com/advisories/20240
http://secunia.com/advisories/20275
http://secunia.com/advisories/20281
http://www.debian.org/security/2006/dsa-1074
http://www.mandriva.com/security/advisories?name=MDKSA-2006:092
http://www.securityfocus.com/bid/17365