CVE-2009-1301
EPSS 8.8%
Description
Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information.
How to fix CVE-2009-1301
To remediate CVE-2009-1301, upgrade the affected package to a fixed version listed below.
- Debian/mpg123—upgrade to 1.7.2-1 or later
Is CVE-2009-1301 being exploited?
Moderate — EPSS is 8.8%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 1.7.2-1