Description
Buffer overflow in the find_next_file function in playlist.c for mpg123 0.59r allows remote attackers to execute arbitrary code via a crafted MP3 playlist.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Bartlomiej Sieka · textremotelinux
https://www.exploit-db.com/exploits/24852
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18626
Exploit, Vendor Advisory x_refsource_misc
http://tigger.uic.edu/~jlongs2/holes/mpg123.txt
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2005_01_sr.html
Scores
EPSS
0.0581
EPSS Percentile
90.6%
Details
Status
published
Products (7)
mpg123/mpg123
0.59m
mpg123/mpg123
0.59n
mpg123/mpg123
0.59o
mpg123/mpg123
0.59p
mpg123/mpg123
0.59q
mpg123/mpg123
0.59r
mpg123/mpg123
pre0.59s
Published
Jan 10, 2005
Tracked Since
Feb 18, 2026