CVE-2014-9497
https://notcve.org/view.php?id=CVE-2014-9497
Buffer overflow in mpg123 before 1.18.0. Existe una vulnerabilidad de desbordamiento de búfer en mpg123 en versiones anteriores a la 1.18.0. • http://www.openwall.com/lists/oss-security/2015/01/04/5 https://security.gentoo.org/glsa/201502-01 https://sourceforge.net/p/mpg123/bugs/201 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-1301
https://notcve.org/view.php?id=CVE-2009-1301
Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information. Error de presencia de signo entero en la función store_id3_text en el código ID3v2 en mpg123 antes de 1.7.2 permite a atacantes remotos provocar una denegación de servicio (acceso a memoria fuera de rango) y posiblemente ejecutar código de su elección mediante una etiqueta ID3 con un valor de codificación negativo. NOTA: algunos de estos detalles se han obtenido de información de terceros. • http://bugs.gentoo.org/show_bug.cgi?id=265342 http://secunia.com/advisories/34587 http://secunia.com/advisories/34748 http://sourceforge.net/mailarchive/message.php?msg_name=20090405211856.41696433%40sunscreen.local http://sourceforge.net/project/shownotes.php?release_id=673696 http://www.gentoo.org/security/en/glsa/glsa-200904-15.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:093 http://www.securityfocus.com/bid/34381 http://www.vupen.com/english/advisories/2009/0936 • CWE-189: Numeric Errors •
CVE-2007-4397
https://notcve.org/view.php?id=CVE-2007-4397
Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file. Múltiples vulnerabilidades de inyección CRLF en (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, y otras secuencias de comandos no especificadas para XChat permite a atacantes remotos con la intervención del usuario ejecutar comandos IRC de su elección a través de secuencias CRLF en el nombre de la canción en un archivo .mp3. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html http://osvdb.org/39574 http://osvdb.org/39575 http://secunia.com/advisories/26454 http://secunia.com/advisories/26455 http://secunia.com/advisories/26484 http://secunia.com/advisories/26485 http://secunia.com/advisories/26486 http://secunia.com/advisories/26487 http://secunia.com/advisories/26488 http://securityreason.com/securityalert/3036 http://wouter.coekaerts.be/site/security/nowplaying http:/ •
CVE-2007-0578
https://notcve.org/view.php?id=CVE-2007-0578
The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early. La función http_open de httpget.c en mpg123 anterior al 0.64 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) cerrando la conexión HTTP prematuramente. • http://osvdb.org/40128 http://sourceforge.net/project/shownotes.php?group_id=135704&release_id=478747 http://www.mandriva.com/security/advisories?name=MDKSA-2007:032 http://www.mpg123.de/cgi-bin/news.cgi http://www.securityfocus.com/bid/22274 http://www.vupen.com/english/advisories/2007/0366 •
CVE-2006-1655
https://notcve.org/view.php?id=CVE-2006-1655
Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE: this issue might be related to CVE-2004-0991, but it is not clear. • http://downloads.securityfocus.com/vulnerabilities/exploits/mpg1DoS3.pl http://secunia.com/advisories/20240 http://secunia.com/advisories/20275 http://secunia.com/advisories/20281 http://www.debian.org/security/2006/dsa-1074 http://www.mandriva.com/security/advisories?name=MDKSA-2006:092 http://www.securityfocus.com/bid/17365 •