CyberSec.Space Logo
Back to CVE Browser

CVE-2004-0982

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0800%
EPSS Percentile0.96th
PublishedFeb 9, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL.

Affected Platforms (CPE)

πŸ“¦
Mpg123

Mpg123

= 0.59r
πŸ“¦
Mpg123

Mpg123

= pre0.59s

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=109834486312407&w=2
πŸ”— http://secunia.com/advisories/12908
πŸ”— http://securitytracker.com/id?1011832
πŸ”— http://www.barrossecurity.com/advisories/mpg123_getauthfromurl_bof_advisory.txt
πŸ”— http://www.debian.org/security/2004/dsa-578
πŸ”— http://www.gentoo.org/security/en/glsa/glsa-200410-27.xml
πŸ”— http://www.osvdb.org/11023
πŸ”— http://www.securityfocus.com/bid/11468

Related Vulnerabilities

CVE-2004-128410.0

Buffer overflow in the find_next_file function in playlist.c for mpg123 0.59r allows remote attackers to execute arbitrary code vi...

CVE-2009-130110.0

Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause ...

CVE-2017-128398.3

A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers ...

CVE-2003-05777.5

mpg123 0.59r allows remote attackers to cause a denial of service and possibly execute arbitrary code via an MP3 file with a zero ...