CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.037 Low
Percentile: 91.9%

Carlos Barros reports that mpg123 contains two buffer
overflows. These vulnerabilities can potentially lead to
execution of arbitrary code.

The first buffer overflow can occur when mpg123 parses a
URL with a user-name/password field that is more than 256
characters long. This problem can be triggered either
locally or remotely via a specially crafted play list. The
second potential buffer overflow may be triggered locally by
a specially crafted symlink to the mpg123 binary. This
problem is not as serious, since mpg123 is not installed
setuid by default.
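
An added example, not mpg123's code and not part of the original advisory: a bounded extraction of the URL user-name/password field that rejects anything over the 256 characters named above instead of copying it, plus a playlist check built on it. The function names, result codes and buffer layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define USERINFO_MAX 256   /* limit taken from the advisory text */
enum { UI_NONE = 0, UI_OK = 1, UI_TOO_LONG = -1 };   /* hypothetical names */

/* Copy the "user:password" field of the URL in url[0..n) into out.
 * Never writes more than outsz bytes; an oversized field is rejected,
 * not truncated, so a crafted entry cannot be half-accepted. */
int extract_userinfo(const char *url, size_t n, char *out, size_t outsz)
{
    size_t i, start = 0, end, at = n;   /* at == n means "no '@' found" */

    if (outsz == 0) return UI_TOO_LONG;
    out[0] = '\0';
    for (i = 0; i + 2 < n; i++)         /* skip "scheme://" if present */
        if (url[i] == ':' && url[i + 1] == '/' && url[i + 2] == '/') {
            start = i + 3;
            break;
        }
    for (end = start; end < n && !strchr("/?#", url[end]); end++)
        ;                               /* authority ends at / ? # (or NUL) */
    for (i = start; i < end; i++)
        if (url[i] == '@') at = i;      /* last '@' inside the authority */
    if (at == n) return UI_NONE;
    if (at - start >= outsz) return UI_TOO_LONG;  /* length check before copy */
    memcpy(out, url + start, at - start);
    out[at - start] = '\0';
    return UI_OK;
}

/* Count playlist lines (one URL per line) whose user-name/password
 * field is longer than USERINFO_MAX characters. */
int count_oversized(const char *playlist)
{
    char field[USERINFO_MAX + 1];
    int bad = 0;

    while (*playlist) {
        size_t n = strcspn(playlist, "\r\n");       /* length of this line */
        if (extract_userinfo(playlist, n, field, sizeof field) == UI_TOO_LONG)
            bad++;
        playlist += n;
        playlist += strspn(playlist, "\r\n");       /* step over line ending */
    }
    return bad;
}
```

The same length check belongs in any code path that copies part of a playlist entry into a fixed-size buffer, whether the entry arrives from a local file or a remote server.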