CyberSec.Space Logo
Back to CVE Browser

CVE-2017-12839

HIGH
8.3
CVSS Severity Score
EPSS Score0.0530%
EPSS Percentile36.71th
PublishedMay 9, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers to cause a possible denial-of-service (out-of-bounds read) or possibly have unspecified other impact via a crafted mp3 file.

Affected Platforms (CPE)

πŸ“¦
Mpg123

Mpg123

<= 1.25.5

References & Advisories

πŸ”— https://sourceforge.net/p/mpg123/bugs/255/
πŸ”— https://www.mpg123.de/
πŸ”— https://www.mpg123.de/cgi-bin/scm/mpg123/trunk/src/libmpg123/getbits.h?r1=2024&r2=4323&sortby=date
πŸ”— https://sourceforge.net/p/mpg123/bugs/255/
πŸ”— https://www.mpg123.de/
πŸ”— https://www.mpg123.de/cgi-bin/scm/mpg123/trunk/src/libmpg123/getbits.h?r1=2024&r2=4323&sortby=date

Related Vulnerabilities

CVE-2004-098210.0

Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or lo...

CVE-2009-130110.0

Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause ...

CVE-2004-128410.0

Buffer overflow in the find_next_file function in playlist.c for mpg123 0.59r allows remote attackers to execute arbitrary code vi...

CVE-2003-08657.5

Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r and 0.59s allows remote attackers to execute arbitrary code...