6.7

CVE-2024-10573

EPSS 0.07%
Veröffentlicht 31.10.2024 19:15:12
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Mpg123: buffer overflow when writing decoded pcm samples

An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

CNA 4 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://sourceforge.net/projects/mpg123/

≫

Paket mpg123

Default Statusunaffected

Version 0

Version < 1.32.8

Status affected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8

Default Statusaffected

Version 0:1.32.9-1.el8_10

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusaffected

Version 0:1.32.9-1.el9_5

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 7

Default Statusunknown

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.215

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://access.redhat.com/errata/RHSA-2024:11193

https://access.redhat.com/errata/RHSA-2024:11242

https://access.redhat.com/security/cve/CVE-2024-10573

https://bugzilla.redhat.com/show_bug.cgi?id=2322980

https://mpg123.org/cgi-bin/news.cgi#2024-10-26

http://www.openwall.com/lists/oss-security/2024/10/30/3

http://www.openwall.com/lists/oss-security/2024/10/31/4

http://www.openwall.com/lists/oss-security/2024/11/01/1

https://lists.debian.org/debian-lts-announce/2024/11/msg00025.html

https://nvd.nist.gov/vuln/detail/CVE-2024-10573

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-10573

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-10573

EUVD