RHEL 9 : mpg123:1.32.9 (RHSA-2024:11242)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:11242 advisory. The mpg123 packages contain real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2, and 3 most commonly MPEG 1.0 layer 3 also known as MP3,...

Updated mpg123 packages fix security vulnerability

An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution may not be dismissed. The complexity required to exploit this fla...

MGASA-2018-0386 Updated mpg123 packages fix security vulnerability

The mpg123 project has fixed several bugs in the player, including an invalid read. We upgrade to the latest version which cumulates all those fixes...

MGASA-2016-0358 Updated mpg123 packages fix security vulnerability

Jerold Hoong discovered a flaw in the id3 tag processing code of libmpg123. A specially crafted mp3 input file could be used to cause a buffer over-read, resulting in a denial of service CVE-2016-1000247...