rpm package

opensuse/mpg123&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/mpg123&distro=openSUSE%20Tumbleweed

Vulnerabilities (3)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2024-10573	Med	6.7	< 1.32.9-1.1	1.32.9-1.1	Oct 31, 2024	An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exp
CVE-2017-11126	Med	5.5	< 1.29.0-1.2	1.29.0-1.2	Jul 10, 2017	The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type != 2" case, a similar issue to CVE-20
CVE-2017-10683	Hig	7.5	< 1.29.0-1.2	1.29.0-1.2	Jun 29, 2017	In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. A crafted input will lead to a remote denial of service attack.

CVE-2024-10573MedOct 31, 2024
affected < 1.32.9-1.1fixed 1.32.9-1.1
An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exp
CVE-2017-11126MedJul 10, 2017
affected < 1.29.0-1.2fixed 1.29.0-1.2
The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type != 2" case, a similar issue to CVE-20
CVE-2017-10683HigJun 29, 2017
affected < 1.29.0-1.2fixed 1.29.0-1.2
In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. A crafted input will lead to a remote denial of service attack.