PT-2019-7930 · Mpg123+2 · Mpg123+2

Published

2017-08-16

Updated

2021-03-17

CVE-2017-12839

CVSS v3.1

8.3

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions mpg123 versions 1.25.5 and earlier

Description A heap-based buffer over-read issue exists in the getbits function, potentially allowing remote attackers to cause a denial-of-service or have other unspecified impacts via a crafted mp3 file.

Recommendations For versions 1.25.5 and earlier, update to a version later than 1.25.5 to resolve the issue.

Exploit

Fix

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2017-2067

CVE-2017-12839

USN-4806-1

Affected Products

Alt Linux

Ubuntu

Mpg123

PT-2019-7930 · Mpg123+2 · Mpg123+2

CVE-2017-12839

Weakness Enumeration

Related Identifiers

Affected Products

References · 15