CVE-2024-10573

Published Oct 31, 2024

Last updated 16 days ago

CVSS medium 6.7

Overview

Description
An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector.
Source
secalert@redhat.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
6.7
Impact score
5.9
Exploitability score
0.8
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Severity
MEDIUM

Weaknesses

secalert@redhat.com
CWE-787

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2024-10573 (Published: 2024-10-31) - A critical vulnerability in mpg123 affects multiple versions. Users are urged to update to the latest release immediately to mitigate risks. For more details, visit: https://t.co/sMNcXu06ps. Stay safe! #CyberSecurity #VulnerabilityAlert

    @transilienceai

    4 Nov 2024

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2024-10573 (Published: 10/31/2024) - A moderate vulnerability affecting Red Hat Nan. Ensure your systems are updated to the latest versions to mitigate risks. For detailed remediation steps, visit: https://t.co/HneIUwodXu. Stay secure! 🔒 #CyberSecurity #RedHat

    @transilienceai

    4 Nov 2024

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2024-10573 An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Conse… https://t.co/uwkI9P5nrs

    @CVEnew

    31 Oct 2024

    206 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2024-10573 Hello, I went ahead and assigned CVE-2024-10573 for this issue. I'll tr... https://t.co/Pz7xL0f139 Vulnerability Notification: https://t.co/xhLrNnfyrO

    @VulmonFeeds

    31 Oct 2024

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References