CVE-2004-0982
mpg123 - buffer overflow
EPSS 8.2%
Description
Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL.
How to fix CVE-2004-0982
To remediate CVE-2004-0982, upgrade the affected package to one of the fixed versions listed below.
- Debian/mpg123—upgrade to 0.59r-18 or later
- Debian/mpg123—upgrade to 0.59r-13woody4 or later
Is CVE-2004-0982 being exploited?
Moderate — EPSS is 8.2%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 0.59r-18
- from 0, < 0.59r-13woody4