Information on source package mpg123

Available versions

ReleaseVersion
jessie1.20.1-2+deb8u1
stretch1.23.8-1
buster1.25.10-2
bullseye1.26.4-1
bookworm1.31.2-1
trixie1.32.6-3
sid1.32.6-3

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2017-12839vulnerable (no DSA, ignored)vulnerable (no DSA)fixedfixedfixedfixedfixedA heap-based buffer over-read in the getbits function in src/libmpg123 ...
CVE-2017-12797vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedfixedfixedInteger overflow in the INT123_parse_new_id3 function in the ID3 parse ...
CVE-2017-10683vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedfixedfixedIn mpg123 1.25.0, there is a heap-based buffer over-read in the conver ...
CVE-2017-9545vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedfixedfixedThe next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows ...

Open unimportant issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2017-11126vulnerablevulnerablefixedfixedfixedfixedfixedThe III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25 ...

Resolved issues

BugDescription
CVE-2016-1000247mpg123 memory overread
CVE-2014-9497Buffer overflow in mpg123 before 1.18.0.
CVE-2009-1301Integer signedness error in the store_id3_text function in the ID3v2 c ...
CVE-2007-0578The http_open function in httpget.c in mpg123 before 0.64 allows remot ...
CVE-2006-3355Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll al ...
CVE-2006-1655Multiple buffer overflows in mpg123 0.59r allow user-assisted attacker ...
CVE-2004-1284Buffer overflow in the find_next_file function in playlist.c for mpg12 ...
CVE-2004-0991Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to e ...
CVE-2004-0982Buffer overflow in the getauthfromURL function in httpget.c in mpg123 ...
CVE-2004-0805Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s ...
CVE-2003-0865Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r ...
CVE-2003-0577mpg123 0.59r allows remote attackers to cause a denial of service and ...

Security announcements

DSA / DLADescription
DLA-1017-1mpg123 - security update
DLA-655-1mpg123 - security update
DSA-1074-1mpg123 - buffer overflow
DSA-578-1mpg123 - buffer overflow
DSA-564-1mpg123 - missing user input sanitising
DSA-435mpg123 - heap overflow

Search for package or bug name: Reporting problems