Vulnerability Name: | CVE-2004-0991 (CCN-18827) | ||||||||
Assigned: | 2004-11-02 | ||||||||
Published: | 2005-01-10 | ||||||||
Updated: | 2008-09-10 | ||||||||
Summary: | Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via frame headers in MP2 or MP3 files. | ||||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: CCN Type: Bugzilla Bug 76862 media-sound/mpg123 Source: MITRE Type: CNA CVE-2004-0991 Source: CCN Type: SA13779 mpg123 Mpeg Layer-2 Buffer Overflow Vulnerability Source: SECUNIA Type: Vendor Advisory 13779 Source: SECUNIA Type: UNKNOWN 13788 Source: SECUNIA Type: UNKNOWN 13899 Source: GENTOO Type: Patch, Vendor Advisory GLSA-200501-14 Source: CCN Type: GLSA-200501-14 mpg123: Buffer overflow Source: MANDRAKE Type: UNKNOWN MDKSA-2005:009 Source: CCN Type: mpg123 Web site mpg123, Fast MP3 Player for Linux and UNIX systems Source: CCN Type: OSVDB ID: 12802 mpg123 Frame Header Overflow Source: CCN Type: OSVDB ID: 25834 SAP Business Connector deleteSingle fullName Variable Arbitrary File Deletion Source: BID Type: UNKNOWN 12218 Source: CCN Type: BID-12218 MPG123 Layer 2 Frame Header Heap Overflow Vulnerability Source: XF Type: UNKNOWN mpg123-frame-header-bo(18827) Source: SUSE Type: SUSE-SR:2005:002 SUSE Security Summary Report | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: ![]() | ||||||||
Oval Definitions | |||||||||
| |||||||||
BACK |