| Release | Version |
|---|---|
| jessie | 1.20.1-2+deb8u1 |
| stretch | 1.23.8-1 |
| buster | 1.25.10-2 |
| bullseye | 1.26.4-1 |
| bookworm | 1.31.2-1 |
| bookworm (security) | 1.31.2-1+deb12u1 |
| trixie | 1.32.9-1 |
| sid | 1.32.9-1 |
| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-10573 | vulnerable | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | An out-of-bounds write flaw was found in mpg123 when handling crafted ... |
| CVE-2017-12839 | vulnerable (no DSA, ignored) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | A heap-based buffer over-read in the getbits function in src/libmpg123 ... |
| CVE-2017-12797 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | Integer overflow in the INT123_parse_new_id3 function in the ID3 parse ... |
| CVE-2017-10683 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | In mpg123 1.25.0, there is a heap-based buffer over-read in the conver ... |
| CVE-2017-9545 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows ... |
| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11126 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25 ... |
| Bug | Description |
|---|---|
| CVE-2016-1000247 | mpg123 memory overread |
| CVE-2014-9497 | Buffer overflow in mpg123 before 1.18.0. |
| CVE-2009-1301 | Integer signedness error in the store_id3_text function in the ID3v2 c ... |
| CVE-2007-0578 | The http_open function in httpget.c in mpg123 before 0.64 allows remot ... |
| CVE-2006-3355 | Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll al ... |
| CVE-2006-1655 | Multiple buffer overflows in mpg123 0.59r allow user-assisted attacker ... |
| CVE-2004-1284 | Buffer overflow in the find_next_file function in playlist.c for mpg12 ... |
| CVE-2004-0991 | Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to e ... |
| CVE-2004-0982 | Buffer overflow in the getauthfromURL function in httpget.c in mpg123 ... |
| CVE-2004-0805 | Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s ... |
| CVE-2003-0865 | Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r ... |
| CVE-2003-0577 | mpg123 0.59r allows remote attackers to cause a denial of service and ... |
| DSA / DLA | Description |
|---|---|
| DSA-5811-1 | mpg123 - security update |
| DLA-1017-1 | mpg123 - security update |
| DLA-655-1 | mpg123 - security update |
| DSA-1074-1 | mpg123 - buffer overflow |
| DSA-578-1 | mpg123 - buffer overflow |
| DSA-564-1 | mpg123 - missing user input sanitising |
| DSA-435 | mpg123 - heap overflow |