CyberSec.Space Logo
Back to CVE Browser

CVE-2004-1284

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0830%
EPSS Percentile33.80th
PublishedJan 10, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

Buffer overflow in the find_next_file function in playlist.c for mpg123 0.59r allows remote attackers to execute arbitrary code via a crafted MP3 playlist.

Affected Platforms (CPE)

πŸ“¦
Mpg123

Mpg123

= 0.59m
πŸ“¦
Mpg123

Mpg123

= 0.59n
πŸ“¦
Mpg123

Mpg123

= 0.59o
πŸ“¦
Mpg123

Mpg123

= 0.59p
πŸ“¦
Mpg123

Mpg123

= 0.59q
πŸ“¦
Mpg123

Mpg123

= 0.59r
πŸ“¦
Mpg123

Mpg123

= pre0.59s

References & Advisories

πŸ”— http://tigger.uic.edu/~jlongs2/holes/mpg123.txt
πŸ”— http://www.novell.com/linux/security/advisories/2005_01_sr.html
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/18626
πŸ”— http://tigger.uic.edu/~jlongs2/holes/mpg123.txt
πŸ”— http://www.novell.com/linux/security/advisories/2005_01_sr.html
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/18626

Related Vulnerabilities

CVE-2004-098210.0

Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or lo...

CVE-2009-130110.0

Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause ...

CVE-2017-128398.3

A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers ...

CVE-2003-05777.5

mpg123 0.59r allows remote attackers to cause a denial of service and possibly execute arbitrary code via an MP3 file with a zero ...