CVE-2009-1301

Published Apr 16, 2009

Last updated 16 years ago

Overview

Description: Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-189

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mpg123:mpg123:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE444055-2ECC-4E90-BAEB-1D7F8A1C7045",
            "versionEndIncluding": "1.7.1"
          },
          {
            "criteria": "cpe:2.3:a:mpg123:mpg123:0.59m:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A46F3026-9958-460C-AB14-593C216E12D9"
          },
          {
            "criteria": "cpe:2.3:a:mpg123:mpg123:0.59n:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D782ECC-6223-4055-A812-36625B50517D"
          },
          {
            "criteria": "cpe:2.3:a:mpg123:mpg123:0.59o:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74027FB8-195D-432C-A4AB-83829C81FFBB"
          },
          {
            "criteria": "cpe:2.3:a:mpg123:mpg123:0.59p:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2330232E-59BF-4885-84DC-879BAB98BA81"
          },
          {
            "criteria": "cpe:2.3:a:mpg123:mpg123:0.59q:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "124B56BC-EF2F-42D8-81B5-AD4E854CA9BC"
          },
          {
            "criteria": "cpe:2.3:a:mpg123:mpg123:0.59r:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F8EEF7E-C6BB-4669-81D2-68AABF8A7686"
          },
          {
            "criteria": "cpe:2.3:a:mpg123:mpg123:0.59s:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1144518D-4069-4903-9B45-56C0E97BC992"
          },
          {
            "criteria": "cpe:2.3:a:mpg123:mpg123:0.62:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F101A71C-6467-4008-9CCB-E2B9F69513FE"
          },
          {
            "criteria": "cpe:2.3:a:mpg123:mpg123:1.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5C11F12-01A2-48A7-9A4D-4D07E6C2D8D7"
          },
          {
            "criteria": "cpe:2.3:a:mpg123:mpg123:1.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93106E19-1059-4040-A5FA-569A1B7EF8C9"
          },
          {
            "criteria": "cpe:2.3:a:mpg123:mpg123:1.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7123CC8-1F0C-4069-A2DA-0A25418E551E"
          },
          {
            "criteria": "cpe:2.3:a:mpg123:mpg123:pre0.59s:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9AE94FDE-EC0C-48A1-A1E9-B4112CA4B0D0"
          },
          {
            "criteria": "cpe:2.3:a:mpg123:mpg123:pre0.59s_r11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9765C6AD-E1F0-421C-B7B1-C09AD83A3DB7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References