Description
Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll allows remote attackers to execute arbitrary code via a long URL, which is not properly terminated before being used with the strncpy function. NOTE: This appears to be the result of an incomplete patch for CVE-2004-0982.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Horst Schirmeier · textdoslinux
https://www.exploit-db.com/exploits/28160
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/18794
Patch, Vendor Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200607-01.xml
Issue Tracking x_refsource_misc
http://bugs.gentoo.org/show_bug.cgi?id=133988
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20937
Scores
EPSS
0.0967
EPSS Percentile
93.0%
Details
Status
published
Products (1)
mpg123/mpg123
pre0.59s_r11
Published
Jul 06, 2006
Tracked Since
Feb 18, 2026