CyberSec.Space Logo
CVEブラウザに戻る

CVE-2009-1301

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1460%
EPSS Percentile41.42th
Published2009年4月16日
Last Modified2026年4月23日

Vulnerability Description

Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information.

Affected Platforms (CPE)

📦
Mpg123

Mpg123

<= 1.7.1
📦
Mpg123

Mpg123

= 0.59m
📦
Mpg123

Mpg123

= 0.59n
📦
Mpg123

Mpg123

= 0.59o
📦
Mpg123

Mpg123

= 0.59p
📦
Mpg123

Mpg123

= 0.59q
📦
Mpg123

Mpg123

= 0.59r
📦
Mpg123

Mpg123

= 0.59s
📦
Mpg123

Mpg123

= 0.62
📦
Mpg123

Mpg123

= 1.6.3
📦
Mpg123

Mpg123

= 1.6.4
📦
Mpg123

Mpg123

= 1.7.0
📦
Mpg123

Mpg123

= pre0.59s
📦
Mpg123

Mpg123

= pre0.59s_r11

References & Advisories

🔗 http://bugs.gentoo.org/show_bug.cgi?id=265342
🔗 http://secunia.com/advisories/34587
🔗 http://secunia.com/advisories/34748
🔗 http://sourceforge.net/mailarchive/message.php?msg_name=20090405211856.41696433%40sunscreen.local
🔗 http://sourceforge.net/project/shownotes.php?release_id=673696
🔗 http://www.gentoo.org/security/en/glsa/glsa-200904-15.xml
🔗 http://www.mandriva.com/security/advisories?name=MDVSA-2009:093
🔗 http://www.securityfocus.com/bid/34381

関連する脆弱性情報

CVE-2004-128410.0

Buffer overflow in the find_next_file function in playlist.c for mpg123 0.59r allows remote attackers to execute arbitrary code vi...

CVE-2004-098210.0

Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or lo...

CVE-2017-128398.3

A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers ...

CVE-2003-05777.5

mpg123 0.59r allows remote attackers to cause a denial of service and possibly execute arbitrary code via an MP3 file with a zero ...