CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2017-12839
https://notcve.org/view.php?id=CVE-2017-12839
09 May 2019 — A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers to cause a possible denial-of-service (out-of-bounds read) or possibly have unspecified other impact via a crafted mp3 file. se presenta una vulnerabilidad en una sobre-lectura del búfer en la región heap de la memoria en la función getbits en src/libmpg123/ getbits.h en mpg123 versión 1.25.5, permite a los atacantes remotos generar una posible Denegación de Servicio (DoS) (lectu... • https://sourceforge.net/p/mpg123/bugs/255 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12797
https://notcve.org/view.php?id=CVE-2017-12797
29 Aug 2017 — Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow. Un desbordamiento de números enteros en la función INT123_parse_new_id3 en el párser ID3 en mpg123 en versiones anteriores a la 1.25.5 en plataformas de 32 bits permite que atacantes remotos provoquen una denegación de servicio mediante un archivo manipulado, lo que desencadena... • https://sourceforge.net/p/mpg123/bugs/254 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-11126
https://notcve.org/view.php?id=CVE-2017-11126
10 Jul 2017 — The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type != 2" case, a similar issue to CVE-2017-9870. La función III_i_stereo en el archivo libmpg123/layer3.c en mpg123 hasta versión 1.25.1, permite a los atacantes remotos causar una denegación de servicio (lectura excesiva de búfer y bloqueo de aplicación) por medio de un ... • http://openwall.com/lists/oss-security/2017/07/10/4 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2014-9497 – Gentoo Linux Security Advisory 201502-01
https://notcve.org/view.php?id=CVE-2014-9497
06 Feb 2015 — Buffer overflow in mpg123 before 1.18.0. Existe una vulnerabilidad de desbordamiento de búfer en mpg123 en versiones anteriores a la 1.18.0. A vulnerability has been found in mpg123, which could result in arbitrary code execution. Versions less than 1.18.1 are affected. • http://www.openwall.com/lists/oss-security/2015/01/04/5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 8%CPEs: 14EXPL: 0CVE-2009-1301
https://notcve.org/view.php?id=CVE-2009-1301
16 Apr 2009 — Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information. Error de presencia de signo entero en la función store_id3_text en el código ID3v2 en mpg123 antes de 1.7.2 permite a atacantes remotos provocar una denegación de servicio (acces... • http://bugs.gentoo.org/show_bug.cgi?id=265342 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0CVE-2007-0578
https://notcve.org/view.php?id=CVE-2007-0578
30 Jan 2007 — The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early. La función http_open de httpget.c en mpg123 anterior al 0.64 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) cerrando la conexión HTTP prematuramente. • http://osvdb.org/40128 •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 2CVE-2006-1655
https://notcve.org/view.php?id=CVE-2006-1655
06 Apr 2006 — Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE: this issue might be related to CVE-2004-0991, but it is not clear. • http://downloads.securityfocus.com/vulnerabilities/exploits/mpg1DoS3.pl •
CVSS: 9.8EPSS: 5%CPEs: 15EXPL: 0CVE-2004-0991
https://notcve.org/view.php?id=CVE-2004-0991
11 Jan 2005 — Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via frame headers in MP2 or MP3 files. • http://secunia.com/advisories/13779 •
CVSS: 10.0EPSS: 5%CPEs: 7EXPL: 2CVE-2004-1284 – MPG123 0.59 - Find Next File Remote Client-Side Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-1284
22 Dec 2004 — Buffer overflow in the find_next_file function in playlist.c for mpg123 0.59r allows remote attackers to execute arbitrary code via a crafted MP3 playlist. • https://www.exploit-db.com/exploits/24852 •
CVSS: 10.0EPSS: 8%CPEs: 2EXPL: 0CVE-2004-0982
https://notcve.org/view.php?id=CVE-2004-0982
19 Nov 2004 — Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL. • http://marc.info/?l=bugtraq&m=109834486312407&w=2 •