CVE-2004-0982
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2004-10-24 CVE Reserved
- 2004-11-19 CVE Published
- 2023-10-27 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://marc.info/?l=bugtraq&m=109834486312407&w=2 | Mailing List | |
| http://secunia.com/advisories/12908 | Third Party Advisory | |
| http://securitytracker.com/id?1011832 | Vdb Entry | |
| http://www.barrossecurity.com/advisories/mpg123_getauthfromurl_bof_advisory.txt | X_refsource_misc | |
| http://www.osvdb.org/11023 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17574 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2004/dsa-578 | 2017-07-11 | |
| http://www.securityfocus.com/bid/11468 | 2017-07-11 |
| URL | Date | SRC |
|---|---|---|
| http://www.gentoo.org/security/en/glsa/glsa-200410-27.xml | 2017-07-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mpg123 Search vendor "Mpg123" | Mpg123 Search vendor "Mpg123" for product "Mpg123" | 0.59r Search vendor "Mpg123" for product "Mpg123" and version "0.59r" | - |
Affected
| ||||||
| Mpg123 Search vendor "Mpg123" | Mpg123 Search vendor "Mpg123" for product "Mpg123" | pre0.59s Search vendor "Mpg123" for product "Mpg123" and version "pre0.59s" | - |
Affected
| ||||||