Mpg123 Player Denial Of Service Vulnerability (Linux) Network Vulnerability

Summary

This host is running mpg123 Player which is prone to denial of service vulnerability.

Impact

Successful exploitation will let the attacker trigger out of bounds memory access and thus execute arbitrary code and possibly crash the application. Impact level: Application

Solution

Update to version 1.7.2 http://www.mpg123.de/download.shtml

Insight

This flaw is due to integer signedness error in the store_id3_text function in the ID3v2 code when processing ID3v2 tags with negative encoding values.

Affected

mpg123 Player prior to 1.7.2 on Linux.

References

http://secunia.com/advisories/34587
http://www.vupen.com/english/advisories/2009/0936

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1301

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

ClamAV Multiple Vulnerabilities (Win)
Apache APR-Utils XML Parser Denial of Service Vulnerability
Adobe Flash Player/Air Multiple DoS Vulnerabilities - Aug09 (Win)
Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Windows)
ClamAV get_unicode_name() Off-By-One Heap based BOF Vulnerability

mpg123 Player Denial of Service Vulnerability (Linux)

Take action and discover your vulnerabilities