CVE-2004-0982

high

Description

Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/17574

http://www.securityfocus.com/bid/11468

http://www.osvdb.org/11023

http://www.gentoo.org/security/en/glsa/glsa-200410-27.xml

http://www.debian.org/security/2004/dsa-578

http://www.barrossecurity.com/advisories/mpg123_getauthfromurl_bof_advisory.txt

http://securitytracker.com/id?1011832

http://secunia.com/advisories/12908

http://marc.info/?l=bugtraq&m=109834486312407&w=2

Details

Source: Mitre, NVD

Published: 2005-02-09

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 8.4

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.08227

Detections

Analytics