Vulnerabilities (CVE)

Filtered by vendor Mpg123 Subscribe

Filtered by product Mpg123

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2017-10683	1 Mpg123	1 Mpg123	2020-03-03	5.0 MEDIUM	7.5 HIGH
In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. A crafted input will lead to a remote denial of service attack.
CVE-2017-12839	1 Mpg123	1 Mpg123	2019-05-10	6.8 MEDIUM	8.3 HIGH
A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers to cause a possible denial-of-service (out-of-bounds read) or possibly have unspecified other impact via a crafted mp3 file.
CVE-2014-9497	1 Mpg123	1 Mpg123	2017-09-03	5.0 MEDIUM	7.5 HIGH
Buffer overflow in mpg123 before 1.18.0.