LAYER: meta
PACKAGE NAME: mpg123
PACKAGE VERSION: 1.32.10
CVE: CVE-2003-0577
CVE STATUS: Patched
CVE SUMMARY: mpg123 0.59r allows remote attackers to cause a denial of service and possibly execute arbitrary code via an MP3 file with a zero bitrate, which creates a negative frame size.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0577

LAYER: meta
PACKAGE NAME: mpg123
PACKAGE VERSION: 1.32.10
CVE: CVE-2003-0865
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r and 0.59s allows remote attackers to execute arbitrary code via a long request.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0865

LAYER: meta
PACKAGE NAME: mpg123
PACKAGE VERSION: 1.32.10
CVE: CVE-2004-0805
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain (1) mp3 or (2) mp2 file.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0805

LAYER: meta
PACKAGE NAME: mpg123
PACKAGE VERSION: 1.32.10
CVE: CVE-2004-0982
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL.
CVSS v2 BASE SCORE: 10.0
CVSS v3 BASE SCORE: 0.0
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0982

LAYER: meta
PACKAGE NAME: mpg123
PACKAGE VERSION: 1.32.10
CVE: CVE-2004-0991
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via frame headers in MP2 or MP3 files.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0991

LAYER: meta
PACKAGE NAME: mpg123
PACKAGE VERSION: 1.32.10
CVE: CVE-2004-1284
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in the find_next_file function in playlist.c for mpg123 0.59r allows remote attackers to execute arbitrary code via a crafted MP3 playlist.
CVSS v2 BASE SCORE: 10.0
CVSS v3 BASE SCORE: 0.0
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1284

LAYER: meta
PACKAGE NAME: mpg123
PACKAGE VERSION: 1.32.10
CVE: CVE-2006-1655
CVE STATUS: Patched
CVE SUMMARY: Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3.  NOTE: this issue might be related to CVE-2004-0991, but it is not clear.
CVSS v2 BASE SCORE: 6.5
CVSS v3 BASE SCORE: 0.0
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-1655

LAYER: meta
PACKAGE NAME: mpg123
PACKAGE VERSION: 1.32.10
CVE: CVE-2006-3355
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll allows remote attackers to execute arbitrary code via a long URL, which is not properly terminated before being used with the strncpy function.  NOTE: This appears to be the result of an incomplete patch for CVE-2004-0982.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3355

LAYER: meta
PACKAGE NAME: mpg123
PACKAGE VERSION: 1.32.10
CVE: CVE-2007-0578
CVE STATUS: Patched
CVE SUMMARY: The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-0578

LAYER: meta
PACKAGE NAME: mpg123
PACKAGE VERSION: 1.32.10
CVE: CVE-2007-4397
CVE STATUS: Patched
CVE SUMMARY: Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4397

LAYER: meta
PACKAGE NAME: mpg123
PACKAGE VERSION: 1.32.10
CVE: CVE-2009-1301
CVE STATUS: Patched
CVE SUMMARY: Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value.  NOTE: some of these details are obtained from third party information.
CVSS v2 BASE SCORE: 10.0
CVSS v3 BASE SCORE: 0.0
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1301

LAYER: meta
PACKAGE NAME: mpg123
PACKAGE VERSION: 1.32.10
CVE: CVE-2014-9497
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in mpg123 before 1.18.0.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9497

LAYER: meta
PACKAGE NAME: mpg123
PACKAGE VERSION: 1.32.10
CVE: CVE-2017-10683
CVE STATUS: Patched
CVE SUMMARY: In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. A crafted input will lead to a remote denial of service attack.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10683

LAYER: meta
PACKAGE NAME: mpg123
PACKAGE VERSION: 1.32.10
CVE: CVE-2017-11126
CVE STATUS: Patched
CVE SUMMARY: The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type != 2" case, a similar issue to CVE-2017-9870.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11126

LAYER: meta
PACKAGE NAME: mpg123
PACKAGE VERSION: 1.32.10
CVE: CVE-2017-12797
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12797

LAYER: meta
PACKAGE NAME: mpg123
PACKAGE VERSION: 1.32.10
CVE: CVE-2017-12839
CVE STATUS: Patched
CVE SUMMARY: A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers to cause a possible denial-of-service (out-of-bounds read) or possibly have unspecified other impact via a crafted mp3 file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.3
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12839

LAYER: meta
PACKAGE NAME: mpg123
PACKAGE VERSION: 1.32.10
CVE: CVE-2017-9545
CVE STATUS: Patched
CVE SUMMARY: The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service (buffer over-read) via a crafted mp3 file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9545