Slackware Linux 15.0 / current mpg123 Vulnerability (SSA:2026-117-01)

The version of mpg123 installed on the remote host is prior to 1.33.5. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-117-01 advisory. New mpg123 packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...

MiracleLinux 8 : mpg123-1.32.9-1.el8_10 (AXSA:2024-9431:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9431:01 advisory. mpg123: Buffer overflow when writing decoded PCM samples CVE-2024-10573 Tenable has extracted the preceding description block directly from the MiracleLinux...

EUVD-2017-18476

Malware in sbrugna...

EUVD-2004-0980

Malware in sbrugna...

EUVD-2006-3352

Malware in sbrugna...

EUVD-2014-9314

Malware in sbrugna...

EUVD-2017-2763

Malware in sbrugna...

EUVD-2003-0571

Malware in sbrugna...

Medium: mpg123

Issue Overview: An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to...

TencentOS Server 3: mpg123 (TSSA-2024:1143)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1143 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 4: mpg123 (TSSA-2024:0737)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0737 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Alibaba Cloud Linux 3 : 0286: mpg123 (ALINUX3-SA-2024:0286)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0286 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-10573: An out-of-bounds write flaw was fou...

RHEL 8 : mpg123 (RHSA-2024:11193)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:11193 advisory. The mpg123 packages contain real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2, and 3 most commonly MPEG 1.0 layer 3 also known as MP3,...

mpg123: Buffer overflow when writing decoded PCM samples

An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is...

mpg123: Buffer overflow when writing decoded PCM samples

An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is...

USN-7092-2 mpg123 vulnerability

USN-7092-1 fixed a vulnerability in mpg123. Bastien Roucariès discovered that the fix was incomplete on Ubuntu 20.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that mpg123 incorrectly handled certain mp3 files. If a user or...

Ubuntu 20.04 LTS : mpg123 vulnerability (USN-7092-2)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7092-2 advisory. USN-7092-1 fixed a vulnerability in mpg123. Bastien Roucaris discovered that the fix was incomplete on Ubuntu 20.04 LTS. This update fixes the problem. We apologi...

[SECURITY] [DSA 5811-1] mpg123 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5811-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 11, 2024 https://www.debian.org/security/faq -...

Debian dsa-5811 : libmpg123-0 - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5811 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5811-1 [email protected] https://www.debian.org/security/...

USN-7092-1: mpg123 vulnerability

It was discovered that mpg123 incorrectly handled certain mp3 files. If a user or automated system were tricked into opening a specially crafted mp3 file, a remote attacker could use this issue to cause mpg123 to crash, resulting in a denial of service, or possibly execute arbitrary code...