Lucene search
GoogleOSV:DSA-435HistoryFeb 06, 2004 - 12:00 a.m.
mpg123 - heap overflow
2004-02-0600:00:00
Google
osv.dev
9
EPSS
0.445
Percentile
97.4%
A vulnerability was discovered in mpg123, a command-line mp3 player,
whereby a response from a remote HTTP server could overflow a buffer
allocated on the heap, potentially permitting execution of arbitrary
code with the privileges of the user invoking mpg123. In order for
this vulnerability to be exploited, mpg123 would need to request an
mp3 stream from a malicious remote server via HTTP.
For the current stable distribution (woody) this problem has been
fixed in version 0.59r-13woody2.
For the unstable distribution (sid) this problem has been fixed in
version 0.59r-15.
We recommend that you update your mpg123 package.
References
Related
cvelist
cvelist
CVE-2003-0865
2003-10-17 04:00:00
openvas
openvas
Debian Security Advisory DSA 435-1 (mpg123)
2008-01-17 00:00:00
Debian Security Advisory DSA 435-1 (mpg123)
2008-01-17 00:00:00
FreeBSD Ports: mpg123, mpg123-nas, mpg123-esound
2008-09-04 00:00:00
debiancve
debiancve
CVE-2003-0865
2003-11-17 05:00:00
nessus
nessus
Debian DSA-435-1 : mpg123 - heap overflow
2004-09-29 00:00:00
FreeBSD : mpg123 vulnerabilities (118)
2004-07-06 00:00:00
FreeBSD : mpg123 vulnerabilities (9fccad5a-7096-11d8-873f-0020ed76ef5a)
2009-04-23 00:00:00
exploitdb
exploitdb
MPG123 0.59 - Remote File Play Heap Corruption
2003-09-23 00:00:00
nvd
nvd
CVE-2003-0865
2003-11-17 05:00:00
cve
cve
CVE-2003-0865
2003-11-17 05:00:00
debian
debian
[SECURITY] [DSA 435-1] New mpg123 packages fix heap overflow
2004-02-06 18:14:39
freebsd
freebsd
mpg123 vulnerabilities
2003-01-16 00:00:00