10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.109 Low
EPSS
Percentile
95.2%
Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll allows
remote attackers to execute arbitrary code via a long URL, which is not
properly terminated before being used with the strncpy function. NOTE:
This appears to be the result of an incomplete patch for CVE-2004-0982.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.10 | noarch | mpg123 | < 0.60-3 | UNKNOWN |
ubuntu | 7.04 | noarch | mpg123 | < 0.60-3 | UNKNOWN |
ubuntu | 7.10 | noarch | mpg123 | < 0.60-3 | UNKNOWN |
ubuntu | 8.04 | noarch | mpg123 | < 0.60-3 | UNKNOWN |
ubuntu | 8.10 | noarch | mpg123 | < 0.60-3 | UNKNOWN |
ubuntu | 9.04 | noarch | mpg123 | < 0.60-3 | UNKNOWN |
ubuntu | 9.10 | noarch | mpg123 | < 0.60-3 | UNKNOWN |