CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2017-12839
https://notcve.org/view.php?id=CVE-2017-12839
09 May 2019 — A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers to cause a possible denial-of-service (out-of-bounds read) or possibly have unspecified other impact via a crafted mp3 file. se presenta una vulnerabilidad en una sobre-lectura del búfer en la región heap de la memoria en la función getbits en src/libmpg123/ getbits.h en mpg123 versión 1.25.5, permite a los atacantes remotos generar una posible Denegación de Servicio (DoS) (lectu... • https://sourceforge.net/p/mpg123/bugs/255 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12797
https://notcve.org/view.php?id=CVE-2017-12797
29 Aug 2017 — Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow. Un desbordamiento de números enteros en la función INT123_parse_new_id3 en el párser ID3 en mpg123 en versiones anteriores a la 1.25.5 en plataformas de 32 bits permite que atacantes remotos provoquen una denegación de servicio mediante un archivo manipulado, lo que desencadena... • https://sourceforge.net/p/mpg123/bugs/254 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-11126
https://notcve.org/view.php?id=CVE-2017-11126
10 Jul 2017 — The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type != 2" case, a similar issue to CVE-2017-9870. La función III_i_stereo en el archivo libmpg123/layer3.c en mpg123 hasta versión 1.25.1, permite a los atacantes remotos causar una denegación de servicio (lectura excesiva de búfer y bloqueo de aplicación) por medio de un ... • http://openwall.com/lists/oss-security/2017/07/10/4 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2014-9497 – Gentoo Linux Security Advisory 201502-01
https://notcve.org/view.php?id=CVE-2014-9497
06 Feb 2015 — Buffer overflow in mpg123 before 1.18.0. Existe una vulnerabilidad de desbordamiento de búfer en mpg123 en versiones anteriores a la 1.18.0. A vulnerability has been found in mpg123, which could result in arbitrary code execution. Versions less than 1.18.1 are affected. • http://www.openwall.com/lists/oss-security/2015/01/04/5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 8%CPEs: 14EXPL: 0CVE-2009-1301
https://notcve.org/view.php?id=CVE-2009-1301
16 Apr 2009 — Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information. Error de presencia de signo entero en la función store_id3_text en el código ID3v2 en mpg123 antes de 1.7.2 permite a atacantes remotos provocar una denegación de servicio (acces... • http://bugs.gentoo.org/show_bug.cgi?id=265342 • CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 3%CPEs: 7EXPL: 1CVE-2007-4397
https://notcve.org/view.php?id=CVE-2007-4397
18 Aug 2007 — Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file. Múltiples vulnerabilidades de inyección CRLF en (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-in... • http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html •