A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers to cause a possible denial-of-service (out-of-bounds read) or possibly have unspecified other impact via a crafted mp3 file.
CVSS Score
8.3
EPSS Score
0.006
Published
2019-05-09
Buffer overflow in mpg123 before 1.18.0.
CVSS Score
7.5
EPSS Score
0.011
Published
2017-08-29
The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type != 2" case, a similar issue to CVE-2017-9870.
CVSS Score
5.5
EPSS Score
0.004
Published
2017-07-10
Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information.
CVSS Score
10.0
EPSS Score
0.088
Published
2009-04-16