Mpg123 Player Denial Of Service Vulnerability (Linux) Network Vulnerability

Summary

This host is running mpg123 Player which is prone to denial of service vulnerability.

Impact

Successful exploitation will let the attacker trigger out of bounds memory access and thus execute arbitrary code and possibly crash the application. Impact level: Application

Solution

Update to version 1.7.2 http://www.mpg123.de/download.shtml

Insight

This flaw is due to integer signedness error in the store_id3_text function in the ID3v2 code when processing ID3v2 tags with negative encoding values.

Affected

mpg123 Player prior to 1.7.2 on Linux.

References

http://secunia.com/advisories/34587
http://www.vupen.com/english/advisories/2009/0936

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1301
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

ClamAV Denial of Service Vulnerability (Linux)
Avast! Zoo Denial of Service Vulnerability
Apple iTunes Local Privilege Escalation Vulnerability
Apache 'mod_deflate' Denial Of Service Vulnerability - July09
Check for RealServer DoS

mpg123 Player Denial of Service Vulnerability (Linux)

Take action and discover your vulnerabilities