Vulnerability Description
Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mpg123 | Mpg123 | 0.59r |
References
- http://marc.info/?l=bugtraq&m=109834486312407&w=2
- http://secunia.com/advisories/12908
- http://securitytracker.com/id?1011832
- http://www.barrossecurity.com/advisories/mpg123_getauthfromurl_bof_advisory.txt
- http://www.debian.org/security/2004/dsa-578PatchVendor Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200410-27.xml
- http://www.osvdb.org/11023
- http://www.securityfocus.com/bid/11468PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17574
- http://marc.info/?l=bugtraq&m=109834486312407&w=2
- http://secunia.com/advisories/12908
- http://securitytracker.com/id?1011832
- http://www.barrossecurity.com/advisories/mpg123_getauthfromurl_bof_advisory.txt
- http://www.debian.org/security/2004/dsa-578PatchVendor Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200410-27.xml
FAQ
What is CVE-2004-0982?
CVE-2004-0982 is a vulnerability with a CVSS score of 10.0 (HIGH). Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a lo...
How severe is CVE-2004-0982?
CVE-2004-0982 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0982?
Check the references section above for vendor advisories and patch information. Affected products include: Mpg123 Mpg123.