Summary
This host is running mpg123 Player which is prone to denial of service vulnerability.
Impact
Successful exploitation will let the attacker trigger out of bounds memory access and thus execute arbitrary code and possibly crash the application.
Impact level: Application
Solution
Update to version 1.7.2
http://www.mpg123.de/download.shtml
Insight
This flaw is due to integer signedness error in the store_id3_text function in the ID3v2 code when processing ID3v2 tags with negative encoding values.
Affected
mpg123 Player prior to 1.7.2 on Linux.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2009-1301 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Linux)
- ActFax LPD/LPR Server Denial of Service Vulnerability
- CA eTrust SCM Multiple HTTP Gateway Service Vulnerabilities
- Adersoft VbsEdit '.vbs' File Denial Of Service Vulnerability
- Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Windows)