CVE-2006-1655
mpg123 - buffer overflow
EPSS 1.00%
Description
Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE: this issue might be related to CVE-2004-0991, but it is not clear.
How to fix CVE-2006-1655
To remediate CVE-2006-1655, upgrade the affected package to one of the fixed versions listed below.
- Debian/mp3gain—upgrade to 1.5.2-r2-6 or later
- Debian/mpg123—upgrade to 0.59r-22 or later
- Debian/mpg123—upgrade to 0.59r-20sarge1 or later
Is CVE-2006-1655 being exploited?
Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- Debian/mp3gain: from 0, < 1.5.2-r2-6
- Debian/mpg123: from 0, < 0.59r-22
- Debian/mpg123: from 0, < 0.59r-20sarge1