A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers to cause a possible denial-of-service (out-of-bounds read) or possibly have unspecified other impact via a crafted mp3 file.
CVSS Score
8.3
EPSS Score
0.006
Published
2019-05-09
Buffer overflow in mpg123 before 1.18.0.
CVSS Score
7.5
EPSS Score
0.011
Published
2017-08-29
Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow.
CVSS Score
5.5
EPSS Score
0.005
Published
2017-08-29
The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service (buffer over-read) via a crafted mp3 file.
CVSS Score
5.5
EPSS Score
0.004
Published
2017-07-27
The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type != 2" case, a similar issue to CVE-2017-9870.
CVSS Score
5.5
EPSS Score
0.004
Published
2017-07-10
In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. A crafted input will lead to a remote denial of service attack.
CVSS Score
7.5
EPSS Score
0.004
Published
2017-06-29
Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information.
CVSS Score
10.0
EPSS Score
0.088
Published
2009-04-16
The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early.
CVSS Score
4.3
EPSS Score
0.01
Published
2007-01-30
Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll allows remote attackers to execute arbitrary code via a long URL, which is not properly terminated before being used with the strncpy function. NOTE: This appears to be the result of an incomplete patch for CVE-2004-0982.
CVSS Score
7.5
EPSS Score
0.07
Published
2006-07-06
Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE: this issue might be related to CVE-2004-0991, but it is not clear.
CVSS Score
6.5
EPSS Score
0.01
Published
2006-04-06
Page 1