CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 0CVE-2004-0982
https://notcve.org/view.php?id=CVE-2004-0982
Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL. • http://marc.info/?l=bugtraq&m=109834486312407&w=2 http://secunia.com/advisories/12908 http://securitytracker.com/id?1011832 http://www.barrossecurity.com/advisories/mpg123_getauthfromurl_bof_advisory.txt http://www.debian.org/security/2004/dsa-578 http://www.gentoo.org/security/en/glsa/glsa-200410-27.xml http://www.osvdb.org/11023 http://www.securityfocus.com/bid/11468 https://exchange.xforce.ibmcloud.com/vulnerabilities/17574 •
CVSS: 7.5EPSS: 11%CPEs: 8EXPL: 0CVE-2004-0805
https://notcve.org/view.php?id=CVE-2004-0805
Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain (1) mp3 or (2) mp2 file. Desbordamiento de búfer en layer2.c en mpg123 0.59r y posiblemente en mpg123 0.59s permite a atacantes remotos ejecutar código arbitrario mediante ciertos ficheros mp3 o mp2. • http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026151.html http://www.alighieri.org/advisories/advisory-mpg123.txt http://www.debian.org/security/2004/dsa-564 http://www.gentoo.org/security/en/glsa/glsa-200409-20.xml http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:100 http://www.securityfocus.com/archive/1/374433 http://www.securityfocus.com/bid/11121 https://exchange.xforce.ibmcloud.com/vulnerabilities/17287 •
CVSS: 7.5EPSS: 44%CPEs: 2EXPL: 3CVE-2003-0865 – MPG123 0.59 - Remote File Play Heap Corruption
https://notcve.org/view.php?id=CVE-2003-0865
Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r and 0.59s allows remote attackers to execute arbitrary code via a long request. Desbordamiento de búfer basado en el montón en readstring de httpget.c de mpg123 0.59r y 0.59s permite a atacantes remotos ejecutar código arbitrario mediante una petición muy grande. • https://www.exploit-db.com/exploits/23171 ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-002.0/CSSA-2004-002.0.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000781 http://marc.info/?l=bugtraq&m=106493686331198&w=2 http://www.debian.org/security/2004/dsa-435 http://www.securityfocus.com/archive/1/338641 http://www.securityfocus.com/bid/8680 •
CVSS: 7.5EPSS: 9%CPEs: 2EXPL: 0CVE-2003-0577
https://notcve.org/view.php?id=CVE-2003-0577
mpg123 0.59r allows remote attackers to cause a denial of service and possibly execute arbitrary code via an MP3 file with a zero bitrate, which creates a negative frame size. mpg123 0.59r permite a atacantes remotos causar denegación de servicio, y posiblemente ejecutar código arbitrario mediante un fichero MP3 con tasa binaria cero, lo que crea un tamaño de marco negativo. • ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-002.0/CSSA-2004-002.0.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000695 http://secunia.com/advisories/7875 http://www.mandriva.com/security/advisories?name=MDKSA-2003:078 http://www.securityfocus.com/archive/1/306903 http://www.securityfocus.com/bid/6629 •