CVSS: 4.3EPSS: 2%CPEs: 11EXPL: 0CVE-2007-0578
https://notcve.org/view.php?id=CVE-2007-0578
The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early. La función http_open de httpget.c en mpg123 anterior al 0.64 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) cerrando la conexión HTTP prematuramente. • http://osvdb.org/40128 http://sourceforge.net/project/shownotes.php?group_id=135704&release_id=478747 http://www.mandriva.com/security/advisories?name=MDKSA-2007:032 http://www.mpg123.de/cgi-bin/news.cgi http://www.securityfocus.com/bid/22274 http://www.vupen.com/english/advisories/2007/0366 •
CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 1CVE-2006-3355 – Gentoo-Specific MPG123 - URI Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-3355
Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll allows remote attackers to execute arbitrary code via a long URL, which is not properly terminated before being used with the strncpy function. NOTE: This appears to be the result of an incomplete patch for CVE-2004-0982. Desbordamiento de búfer de la memoria libre para la reserva dinámica en el archivo httpdget.c de mpg123 en versiones anteriores a 0.59s-rll que permite a los atacantes remotos ejecutar código arbitrario a través de una larga URL, la cual no es finalizada adecuadamente antes de ser utilizada con la función strncpy. NOTA: Esto parece ser el resultado de un parche incompleto para CVE-2004-0982 • https://www.exploit-db.com/exploits/28160 http://bugs.gentoo.org/show_bug.cgi?id=133988 http://secunia.com/advisories/20937 http://security.gentoo.org/glsa/glsa-200607-01.xml http://www.securityfocus.com/bid/18794 •
CVSS: 10.0EPSS: 5%CPEs: 7EXPL: 2CVE-2004-1284 – MPG123 0.59 - Find Next File Remote Client-Side Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-1284
Buffer overflow in the find_next_file function in playlist.c for mpg123 0.59r allows remote attackers to execute arbitrary code via a crafted MP3 playlist. • https://www.exploit-db.com/exploits/24852 http://tigger.uic.edu/~jlongs2/holes/mpg123.txt http://www.novell.com/linux/security/advisories/2005_01_sr.html https://exchange.xforce.ibmcloud.com/vulnerabilities/18626 •
CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 0CVE-2004-0982
https://notcve.org/view.php?id=CVE-2004-0982
Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL. • http://marc.info/?l=bugtraq&m=109834486312407&w=2 http://secunia.com/advisories/12908 http://securitytracker.com/id?1011832 http://www.barrossecurity.com/advisories/mpg123_getauthfromurl_bof_advisory.txt http://www.debian.org/security/2004/dsa-578 http://www.gentoo.org/security/en/glsa/glsa-200410-27.xml http://www.osvdb.org/11023 http://www.securityfocus.com/bid/11468 https://exchange.xforce.ibmcloud.com/vulnerabilities/17574 •
CVSS: 7.5EPSS: 9%CPEs: 2EXPL: 0CVE-2003-0577
https://notcve.org/view.php?id=CVE-2003-0577
mpg123 0.59r allows remote attackers to cause a denial of service and possibly execute arbitrary code via an MP3 file with a zero bitrate, which creates a negative frame size. mpg123 0.59r permite a atacantes remotos causar denegación de servicio, y posiblemente ejecutar código arbitrario mediante un fichero MP3 con tasa binaria cero, lo que crea un tamaño de marco negativo. • ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-002.0/CSSA-2004-002.0.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000695 http://secunia.com/advisories/7875 http://www.mandriva.com/security/advisories?name=MDKSA-2003:078 http://www.securityfocus.com/archive/1/306903 http://www.securityfocus.com/bid/6629 •