Page 2 of 13 results (0.007 seconds)

CVSS: 4.3EPSS: 2%CPEs: 11EXPL: 0

The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early. La función http_open de httpget.c en mpg123 anterior al 0.64 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) cerrando la conexión HTTP prematuramente. • http://osvdb.org/40128 http://sourceforge.net/project/shownotes.php?group_id=135704&release_id=478747 http://www.mandriva.com/security/advisories?name=MDKSA-2007:032 http://www.mpg123.de/cgi-bin/news.cgi http://www.securityfocus.com/bid/22274 http://www.vupen.com/english/advisories/2007/0366 •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2

Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE: this issue might be related to CVE-2004-0991, but it is not clear. • http://downloads.securityfocus.com/vulnerabilities/exploits/mpg1DoS3.pl http://secunia.com/advisories/20240 http://secunia.com/advisories/20275 http://secunia.com/advisories/20281 http://www.debian.org/security/2006/dsa-1074 http://www.mandriva.com/security/advisories?name=MDKSA-2006:092 http://www.securityfocus.com/bid/17365 •

CVSS: 7.5EPSS: 9%CPEs: 15EXPL: 0

Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via frame headers in MP2 or MP3 files. • http://secunia.com/advisories/13779 http://secunia.com/advisories/13788 http://secunia.com/advisories/13899 http://security.gentoo.org/glsa/glsa-200501-14.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:009 http://www.securityfocus.com/bid/12218 •

CVSS: 10.0EPSS: 5%CPEs: 7EXPL: 2

Buffer overflow in the find_next_file function in playlist.c for mpg123 0.59r allows remote attackers to execute arbitrary code via a crafted MP3 playlist. • https://www.exploit-db.com/exploits/24852 http://tigger.uic.edu/~jlongs2/holes/mpg123.txt http://www.novell.com/linux/security/advisories/2005_01_sr.html https://exchange.xforce.ibmcloud.com/vulnerabilities/18626 •

CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 0

Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL. • http://marc.info/?l=bugtraq&m=109834486312407&w=2 http://secunia.com/advisories/12908 http://securitytracker.com/id?1011832 http://www.barrossecurity.com/advisories/mpg123_getauthfromurl_bof_advisory.txt http://www.debian.org/security/2004/dsa-578 http://www.gentoo.org/security/en/glsa/glsa-200410-27.xml http://www.osvdb.org/11023 http://www.securityfocus.com/bid/11468 https://exchange.xforce.ibmcloud.com/vulnerabilities/17574 •