FKIE_CVE-2009-1301

Vulnerability from fkie_nvd - Published: 2009-04-16 15:12 - Updated: 2025-04-09 00:30
Summary
Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information.
References
cve@mitre.org http://bugs.gentoo.org/show_bug.cgi?id=265342
cve@mitre.org http://secunia.com/advisories/34587 (Vendor Advisory)
cve@mitre.org http://secunia.com/advisories/34748
cve@mitre.org http://sourceforge.net/mailarchive/message.php?msg_name=20090405211856.41696433%40sunscreen.local
cve@mitre.org http://sourceforge.net/project/shownotes.php?release_id=673696
cve@mitre.org http://www.gentoo.org/security/en/glsa/glsa-200904-15.xml
cve@mitre.org http://www.mandriva.com/security/advisories?name=MDVSA-2009:093
cve@mitre.org http://www.securityfocus.com/bid/34381
cve@mitre.org http://www.vupen.com/english/advisories/2009/0936 (Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://bugs.gentoo.org/show_bug.cgi?id=265342
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/34587 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/34748
af854a3a-2127-422b-91ae-364da2661108 http://sourceforge.net/mailarchive/message.php?msg_name=20090405211856.41696433%40sunscreen.local
af854a3a-2127-422b-91ae-364da2661108 http://sourceforge.net/project/shownotes.php?release_id=673696
af854a3a-2127-422b-91ae-364da2661108 http://www.gentoo.org/security/en/glsa/glsa-200904-15.xml
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2009:093
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/34381
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2009/0936 (Patch, Vendor Advisory)
Impacted products
Vendor Product Version
mpg123 mpg123 *
mpg123 mpg123 0.59m
mpg123 mpg123 0.59n
mpg123 mpg123 0.59o
mpg123 mpg123 0.59p
mpg123 mpg123 0.59q
mpg123 mpg123 0.59r
mpg123 mpg123 0.59s
mpg123 mpg123 0.62
mpg123 mpg123 1.6.3
mpg123 mpg123 1.6.4
mpg123 mpg123 1.7.0
mpg123 mpg123 pre0.59s
mpg123 mpg123 pre0.59s_r11

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mpg123:mpg123:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE444055-2ECC-4E90-BAEB-1D7F8A1C7045",
              "versionEndIncluding": "1.7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mpg123:mpg123:0.59m:*:*:*:*:*:*:*",
              "matchCriteriaId": "A46F3026-9958-460C-AB14-593C216E12D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mpg123:mpg123:0.59n:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D782ECC-6223-4055-A812-36625B50517D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mpg123:mpg123:0.59o:*:*:*:*:*:*:*",
              "matchCriteriaId": "74027FB8-195D-432C-A4AB-83829C81FFBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mpg123:mpg123:0.59p:*:*:*:*:*:*:*",
              "matchCriteriaId": "2330232E-59BF-4885-84DC-879BAB98BA81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mpg123:mpg123:0.59q:*:*:*:*:*:*:*",
              "matchCriteriaId": "124B56BC-EF2F-42D8-81B5-AD4E854CA9BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mpg123:mpg123:0.59r:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F8EEF7E-C6BB-4669-81D2-68AABF8A7686",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mpg123:mpg123:0.59s:*:*:*:*:*:*:*",
              "matchCriteriaId": "1144518D-4069-4903-9B45-56C0E97BC992",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mpg123:mpg123:0.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "F101A71C-6467-4008-9CCB-E2B9F69513FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mpg123:mpg123:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5C11F12-01A2-48A7-9A4D-4D07E6C2D8D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mpg123:mpg123:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93106E19-1059-4040-A5FA-569A1B7EF8C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mpg123:mpg123:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7123CC8-1F0C-4069-A2DA-0A25418E551E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mpg123:mpg123:pre0.59s:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AE94FDE-EC0C-48A1-A1E9-B4112CA4B0D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mpg123:mpg123:pre0.59s_r11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9765C6AD-E1F0-421C-B7B1-C09AD83A3DB7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "Error de presencia de signo entero en la funci\u00f3n store_id3_text en el c\u00f3digo ID3v2 en mpg123 antes de 1.7.2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (acceso a memoria fuera de rango) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante una etiqueta ID3 con un valor de codificaci\u00f3n negativo. NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2009-1301",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-04-16T15:12:57.483",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=265342"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34587"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34748"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/mailarchive/message.php?msg_name=20090405211856.41696433%40sunscreen.local"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=673696"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200904-15.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:093"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/34381"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0936"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=265342"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34587"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34748"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/mailarchive/message.php?msg_name=20090405211856.41696433%40sunscreen.local"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=673696"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200904-15.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:093"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34381"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0936"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

