CVE-2009-1301

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1460%

EPSS Percentile41.42th

PublishedApr 16, 2009

Last ModifiedApr 23, 2026

Vulnerability Description

Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information.

Affected Platforms (CPE)

📦

Mpg123

<= 1.7.1

📦

Mpg123

= 0.59m

📦

Mpg123

= 0.59n

📦

Mpg123

= 0.59o

📦

Mpg123

= 0.59p

📦

Mpg123

= 0.59q

📦

Mpg123

= 0.59r

📦

Mpg123

= 0.59s

📦

Mpg123

= 0.62

📦

Mpg123

= 1.6.3

📦

Mpg123

= 1.6.4

📦

Mpg123

= 1.7.0

📦

Mpg123

= pre0.59s

📦

Mpg123

= pre0.59s_r11

References & Advisories

🔗 http://bugs.gentoo.org/show_bug.cgi?id=265342

🔗 http://secunia.com/advisories/34587

🔗 http://secunia.com/advisories/34748

🔗 http://sourceforge.net/mailarchive/message.php?msg_name=20090405211856.41696433%40sunscreen.local

🔗 http://sourceforge.net/project/shownotes.php?release_id=673696

🔗 http://www.gentoo.org/security/en/glsa/glsa-200904-15.xml

🔗 http://www.mandriva.com/security/advisories?name=MDVSA-2009:093

🔗 http://www.securityfocus.com/bid/34381

Vulnerability Description

Affected Platforms (CPE)

Mpg123

Mpg123

Mpg123

Mpg123

Mpg123

Mpg123

Mpg123

Mpg123

Mpg123

Mpg123

Mpg123

Mpg123

Mpg123

Mpg123

References & Advisories

Related Vulnerabilities