CVE-2004-1284

mpg123 0.59r - Buffer Overflow in Playlist Parser

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1284. PoCs published by Bartlomiej Sieka.

AI-analyzed exploit summary The provided text describes a remote client-side buffer overflow vulnerability in mpg123 due to improper validation of user-supplied strings. An attacker could exploit this to execute arbitrary code with the privileges of the user running the application.

Description

Buffer overflow in the find_next_file function in playlist.c for mpg123 0.59r allows remote attackers to execute arbitrary code via a crafted MP3 playlist.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Bartlomiej Sieka · textremotelinux

https://www.exploit-db.com/exploits/24852

View Code ZIP pw:eip

The provided text describes a remote client-side buffer overflow vulnerability in mpg123 due to improper validation of user-supplied strings. An attacker could exploit this to execute arbitrary code with the privileges of the user running the application.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: mpg123 (version not specified)

No auth needed

Prerequisites: User interaction to open a malicious file or stream

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/18626

Exploit, Vendor Advisory x_refsource_misc

http://tigger.uic.edu/~jlongs2/holes/mpg123.txt

Vendor Advisory vendor-advisory x_refsource_suse

http://www.novell.com/linux/security/advisories/2005_01_sr.html

Scores

EPSS 0.1446

EPSS Percentile 96.2%

Details

Status published

Products (7)

mpg123/mpg123 0.59m

mpg123/mpg123 0.59n

mpg123/mpg123 0.59o

mpg123/mpg123 0.59p

mpg123/mpg123 0.59q

mpg123/mpg123 0.59r

mpg123/mpg123 pre0.59s

Published Jan 10, 2005

Tracked Since Feb 18, 2026