6.7
CVE-2024-10573
- EPSS 0.09%
- Published 31.10.2024 19:15:12
- Last modified 18.12.2024 09:15:05
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://sourceforge.net/projects/mpg123/
≫
Package
mpg123
Default Statusunaffected
Version <
1.32.8
Version
0
Status
affected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 8
Default Statusaffected
Version <
*
Version
0:1.32.9-1.el8_10
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 9
Default Statusaffected
Version <
*
Version
0:1.32.9-1.el9_5
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 7
Default Statusunknown
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.263 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| secalert@redhat.com | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.