CVE-2004-0982

EPSS 8.23%
Published 09.02.2005 05:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL.

Affected products Warnungen 0 Metrics 2 CWE 0 References 12

Data is provided by the National Vulnerability Database (NVD)

Mpg123 ≫ Mpg123 Version0.59r

Mpg123 ≫ Mpg123 Versionpre0.59s

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	8.23%	0.914

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

http://marc.info/?l=bugtraq&m=109834486312407&w=2

http://secunia.com/advisories/12908

http://securitytracker.com/id?1011832

http://www.barrossecurity.com/advisories/mpg123_getauthfromurl_bof_advisory.txt

http://www.debian.org/security/2004/dsa-578

Patch

Vendor Advisory

http://www.gentoo.org/security/en/glsa/glsa-200410-27.xml

http://www.osvdb.org/11023

http://www.securityfocus.com/bid/11468

Patch

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/17574

https://nvd.nist.gov/vuln/detail/CVE-2004-0982

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-0982

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-0982

EUVD