CVE-2004-0982: Buffer Overflow
First published: Fri Nov 19 2004(Updated: )
Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mpg123 Mpg123 | =0.59r | |
| Mpg123 Mpg123 | =pre0.59s |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/11468
- http://www.debian.org/security/2004/dsa-578
- http://www.barrossecurity.com/advisories/mpg123_getauthfromurl_bof_advisory.txt
- http://www.gentoo.org/security/en/glsa/glsa-200410-27.xml
- http://www.osvdb.org/11023
- http://securitytracker.com/id?1011832
- http://secunia.com/advisories/12908
- http://marc.info/?l=bugtraq&m=109834486312407&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17574
- collector/nvd-historical
- vendor/mpg123
- product/mpg123
- canonical/mpg123 mpg123
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/references
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- version/mpg123 mpg123/0.59r
- version/mpg123 mpg123/pre0.59s