CVE-2004-0805
mpg123 - missing user input sanitising
EPSS 5.8%
Description
Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain (1) mp3 or (2) mp2 file.
How to fix CVE-2004-0805
To remediate CVE-2004-0805, upgrade the affected package to one of the fixed versions listed below.
- Debian/mp3gain—upgrade to 1.5.2-r2-6 or later
- Debian/mpg123—upgrade to 0.59r-16 or later
- Debian/mpg123—upgrade to 0.59r-13woody3 or later
Is CVE-2004-0805 being exploited?
Moderate: EPSS is 5.8%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (3)
- Debian/mp3gain: from 0, < 1.5.2-r2-6
- Debian/mpg123: from 0, < 0.59r-16
- Debian/mpg123: from 0, < 0.59r-13woody3