exploitDog

RLSA-2024:11193

Published: 07 May 2025
Source: rocky
Rating: Moderate

Description

Moderate: mpg123 security update

The mpg123 packages contain real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2, and 3 (most commonly MPEG 1.0 layer 3 also known as MP3), as well as re-usable decoding and output libraries.

Security Fix(es):

  • mpg123: Buffer overflow when writing decoded PCM samples (CVE-2024-10573)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

  • Rocky Linux 8

| Name | Architecture | Release | RPM |
|---|---|---|---|
| mpg123 | x86_64 | 1.el8_10 | mpg123-1.32.9-1.el8_10.x86_64.rpm |
| mpg123-libs | x86_64 | 1.el8_10 | mpg123-libs-1.32.9-1.el8_10.x86_64.rpm |
| mpg123-plugins-pulseaudio | x86_64 | 1.el8_10 | mpg123-plugins-pulseaudio-1.32.9-1.el8_10.x86_64.rpm |

Related vulnerabilities

CVSS3: 6.7
ubuntu
8 months ago

An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector.

CVSS3: 6.7
redhat
8 months ago

An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector.

CVSS3: 6.7
nvd
8 months ago

An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector.

CVSS3: 6.7
debian
8 months ago

An out-of-bounds write flaw was found in mpg123 when handling crafted ...

CVSS3: 6.7
redos
6 months ago

mpg123 vulnerability