Vulnerability Name:

CVE-2004-0991 (CCN-18827)

Assigned:2004-11-02
Published:2005-01-10
Updated:2008-09-10
Summary:Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via frame headers in MP2 or MP3 files.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Bugzilla Bug 76862
media-sound/mpg123

Source: MITRE
Type: CNA
CVE-2004-0991

Source: CCN
Type: SA13779
mpg123 Mpeg Layer-2 Buffer Overflow Vulnerability

Source: SECUNIA
Type: Vendor Advisory
13779

Source: SECUNIA
Type: UNKNOWN
13788

Source: SECUNIA
Type: UNKNOWN
13899

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200501-14

Source: CCN
Type: GLSA-200501-14
mpg123: Buffer overflow

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2005:009

Source: CCN
Type: mpg123 Web site
mpg123, Fast MP3 Player for Linux and UNIX systems

Source: CCN
Type: OSVDB ID: 12802
mpg123 Frame Header Overflow

Source: CCN
Type: OSVDB ID: 25834
SAP Business Connector deleteSingle fullName Variable Arbitrary File Deletion

Source: BID
Type: UNKNOWN
12218

Source: CCN
Type: BID-12218
MPG123 Layer 2 Frame Header Heap Overflow Vulnerability

Source: XF
Type: UNKNOWN
mpg123-frame-header-bo(18827)

Source: SUSE
Type: SUSE-SR:2005:002
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mpg123:mpg123:0.59m:*:*:*:*:*:*:*
  • OR cpe:/a:mpg123:mpg123:0.59n:*:*:*:*:*:*:*
  • OR cpe:/a:mpg123:mpg123:0.59o:*:*:*:*:*:*:*
  • OR cpe:/a:mpg123:mpg123:0.59p:*:*:*:*:*:*:*
  • OR cpe:/a:mpg123:mpg123:0.59q:*:*:*:*:*:*:*
  • OR cpe:/a:mpg123:mpg123:0.59r:*:*:*:*:*:*:*
  • OR cpe:/a:mpg123:mpg123:0.59s:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:suse:suse_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.0:*:i386:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20040991
    V
    CVE-2004-0991
    2015-11-16
    BACK
    mpg123 mpg123 0.59m
    mpg123 mpg123 0.59n
    mpg123 mpg123 0.59o
    mpg123 mpg123 0.59p
    mpg123 mpg123 0.59q
    mpg123 mpg123 0.59r
    mpg123 mpg123 0.59s
    suse suse linux 8.0
    suse suse linux 8.0
    suse suse linux 8.1
    suse suse linux 8.2
    suse suse linux 9.0
    suse suse linux 9.0
    suse suse linux 9.1
    suse suse linux 9.2