What is the severity of REDHAT-BUG-2322980?

The severity of REDHAT-BUG-2322980 is considered high due to the potential for heap corruption and arbitrary code execution.

How do I fix REDHAT-BUG-2322980?

To fix REDHAT-BUG-2322980, update to the latest patched version of mpg123 that addresses this vulnerability.

Which versions of mpg123 are affected by REDHAT-BUG-2322980?

All versions of mpg123 prior to the patched release are potentially affected by REDHAT-BUG-2322980.

Can REDHAT-BUG-2322980 be exploited remotely?

Yes, REDHAT-BUG-2322980 can be exploited remotely through crafted streams that trigger the out-of-bounds write condition.

What are the potential impacts of REDHAT-BUG-2322980?

The potential impacts of REDHAT-BUG-2322980 include heap corruption leading to arbitrary code execution, which can compromise system security.

Vulnerability/
REDHAT-BUG-2322980

medium

31/10/2024

17/12/2024

REDHAT-BUG-2322980

First published: Thu Oct 31 2024(Updated: )

There's a out-of-bounds write issue in mpg123, the vulnerability is located when handling crafted streams. During the decoding of PCM the libmpg123 may write past the end of a heap located buffer, as consequence heap corruption may happen and arbitrary code execution is not discarded. The complexity required to exploit this flaw is considered high as the payload needs to be validated by the MPEG decoder and by the PCM synth before being executed. Additionally to successfully execute the attack,the user needs to scan through the stream making web live stream content (such as web radios) a very unlikely attack vector.

Affected Software	Affected Version	How to fix
mpg123

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of REDHAT-BUG-2322980?
The severity of REDHAT-BUG-2322980 is considered high due to the potential for heap corruption and arbitrary code execution.
How do I fix REDHAT-BUG-2322980?
To fix REDHAT-BUG-2322980, update to the latest patched version of mpg123 that addresses this vulnerability.
Which versions of mpg123 are affected by REDHAT-BUG-2322980?
All versions of mpg123 prior to the patched release are potentially affected by REDHAT-BUG-2322980.
Can REDHAT-BUG-2322980 be exploited remotely?
Yes, REDHAT-BUG-2322980 can be exploited remotely through crafted streams that trigger the out-of-bounds write condition.
What are the potential impacts of REDHAT-BUG-2322980?
The potential impacts of REDHAT-BUG-2322980 include heap corruption leading to arbitrary code execution, which can compromise system security.

agent/severity
agent/description
agent/type
agent/first-publish-date
agent/event
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2024-10573
agent/last-modified-date
agent/references
agent/trending
agent/source
agent/tags
agent/softwarecombine
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/mpg123
canonical/mpg123

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.