Mpg123: >> Mpg123 >> pre0.59s_r11 Security Vulnerabilities
Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information.
CVSS Score
10.0
EPSS Score
0.088
Published
2009-04-16
The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early.
CVSS Score
4.3
EPSS Score
0.01
Published
2007-01-30
Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll allows remote attackers to execute arbitrary code via a long URL, which is not properly terminated before being used with the strncpy function. NOTE: This appears to be the result of an incomplete patch for CVE-2004-0982.
CVSS Score
7.5
EPSS Score
0.07
Published
2006-07-06