← Back

CVE-2009-1301

nvd nist
Published: Apr 16, 2009Modified: Apr 23, 2026

JSON object

Loading...
10.0
Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploitability: 10.0 / Impact: 10.0
Source: NVD

Description

Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information.

Affected (14)

Products: Mpg123: Mpg123
Mpg123
1 product
Mpg123
Configuration A
14 vulnerable
Vulnerable SoftwareAffected Versions
Mpg123
Mpg123
Up to 1.7.1
Mpg123
Version 0.59m
Mpg123
Version 0.59n
Mpg123
Version 0.59o
Mpg123
Version 0.59p
Mpg123
Version 0.59q
Mpg123
Version 0.59r
Mpg123
Version 0.59s
Mpg123
Version 0.62
Mpg123
Version 1.6.3
Mpg123
Version 1.6.4
Mpg123
Version 1.7.0
Mpg123
Version pre0.59s
Mpg123
Version pre0.59s_r11

Related CWEs

CWE-189
CWE-189

References (18)

Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.