Published: 09/02/2005 Updated: 11/07/2017

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mpg123 mpg123 0.59r
mpg123 mpg123 pre0.59s

Carlos Barros has discovered a buffer overflow in the HTTP authentication routine of mpg123, a popular (but non-free) MPEG layer 1/2/3 audio player If a user opened a malicious playlist or URL, an attacker might execute arbitrary code with the rights of the calling user For the stable distribution (woody) this problem has been fixed in version 0 ...

NVD-CWE-Other http://www.securityfocus.com/bid/11468 http://www.debian.org/security/2004/dsa-578 http://www.barrossecurity.com/advisories/mpg123_getauthfromurl_bof_advisory.txt http://www.gentoo.org/security/en/glsa/glsa-200410-27.xml http://www.osvdb.org/11023 http://securitytracker.com/id?1011832 http://secunia.com/advisories/12908 http://marc.info/?l=bugtraq&m=109834486312407&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/17574 https://nvd.nist.gov https://www.debian.org/security/./dsa-578

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2004-0982

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect