CVE-2009-1301

🗓️ 16 Apr 2009 15:00:00Reported by mitreType

CVE-2009-1301 Integer signedness error in store_id3_text function in ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an ID3 tag with a negative encoding value

Reporter	Title	Published	Views	Family All 21
Cvelist	CVE-2009-1301	16 Apr 200915:00	–	cvelist
Debian CVE	CVE-2009-1301	16 Apr 200915:00	–	debiancve
EUVD	EUVD-2009-1299	7 Oct 202500:30	–	euvd
Tenable Nessus	GLSA-200904-15 : mpg123: User-assisted execution of arbitrary code	17 Apr 200900:00	–	nessus
Tenable Nessus	Mandriva Linux Security Advisory : mpg123 (MDVSA-2009:093-1)	23 Apr 200900:00	–	nessus
Gentoo Linux	mpg123: User-assisted execution of arbitrary code	16 Apr 200900:00	–	gentoo
NVD	CVE-2009-1301	16 Apr 200915:12	–	nvd
OpenVAS	Gentoo Security Advisory GLSA 200904-15 (mpg123)	20 Apr 200900:00	–	openvas
OpenVAS	Mandrake Security Advisory MDVSA-2009:093 (mpg123)	28 Apr 200900:00	–	openvas
OpenVAS	Mandriva Security Advisory MDVSA-2009:093-1 (mpg123)	14 Dec 200900:00	–	openvas

NVD

Node

mpg123 mpg123Range≤1.7.1

mpg123 mpg123Match0.59m

mpg123 mpg123Match0.59n

mpg123 mpg123Match0.59o

mpg123 mpg123Match0.59p

mpg123 mpg123Match0.59q

mpg123 mpg123Match0.59r

mpg123 mpg123Match0.59s

mpg123 mpg123Match0.62

mpg123 mpg123Match1.6.3

mpg123 mpg123Match1.6.4

mpg123 mpg123Match1.7.0

mpg123 mpg123Matchpre0.59s

mpg123 mpg123Matchpre0.59s_r11

Source	Link
mandriva	www.mandriva.com/security/advisories
sourceforge	www.sourceforge.net/project/shownotes.php
secunia	www.secunia.com/advisories/34748
sourceforge	www.sourceforge.net/mailarchive/message.php
gentoo	www.gentoo.org/security/en/glsa/glsa-200904-15.xml
secunia	www.secunia.com/advisories/34587
bugs	www.bugs.gentoo.org/show_bug.cgi
securityfocus	www.securityfocus.com/bid/34381
vupen	www.vupen.com/english/advisories/2009/0936

23 Apr 2026 00:35Current

7.6High risk

Vulners AI Score7.6

CVSS 210

EPSS0.08801

CWE-189