This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
| VuXML ID | Description |
|---|---|
| 15e0e963-02ed-11d9-a209-00061bc2ad93 | mpg123 buffer overflow The mpg123 software version 0.59r contains a buffer overflow vulnerability which may permit the execution of arbitrary code as the owner of the mpg123 process. Discovery 2003-08-16 Entry 2004-09-14 mpg123 mpg123-nas mpg123-esound le 0.59r CVE-2004-0805 http://www.alighieri.org/advisories/advisory-mpg123.txt |
| 20d16518-2477-11d9-814e-0001020eed82 | mpg123 -- buffer overflow in URL handling Carlos Barros reports that mpg123 contains two buffer overflows. These vulnerabilities can potentially lead to execution of arbitrary code. The first buffer overflow can occur when mpg123 parses a URL with a user-name/password field that is more than 256 characters long. This problem can be triggered either locally or remotely via a specially crafted play list. The second potential buffer overflow may be triggered locally by a specially crafted symlink to the mpg123 binary. This problem is not as serious, since mpg123 is not installed setuid by default. Discovery 2004-10-02 Entry 2004-10-23 Modified 2004-12-30 mpg123 mpg123-nas mpg123-esound < 0.59r_15 11468 CVE-2004-0982 http://marc.theaimsgroup.com/?l=bugtraq&m=109834486312407 |
| 3cc84400-6576-11d9-a9e7-0001020eed82 | mpg123 -- buffer overflow vulnerability Yuri D'Elia has found a buffer overflow vulnerability in mpg123's parsing of frame headers in input streams. This vulnerability can potentially lead to execution of arbitrary code with the permissions of the user running mpg123, if the user runs mpg123 on a specially crafted MP2 or MP3 file. Discovery 2005-01-01 Entry 2005-01-13 mpg123 mpg123-nas mpg123-esound < 0.59r_17 CVE-2004-0991 |
| 877e918e-5362-11d9-96d4-00065be4b5b6 | mpg123 -- playlist processing buffer overflow vulnerability A buffer overflow vulnerability exists in the playlist processing of mpg123. A specially crafted playlist entry can cause a stack overflow that can be used to inject arbitrary code into the mpg123 process. Note that a malicious playlist, demonstrating this vulnerability, was released by the bug finder and may be used as a template by attackers. Discovery 2004-12-15 Entry 2005-01-03 Modified 2005-01-13 mpg123 mpg123-nas mpg123-esound le 0.59r_15 CVE-2004-1284 http://tigger.uic.edu/~jlongs2/holes/mpg123.txt http://secunia.com/advisories/13511/ http://xforce.iss.net/xforce/xfdb/18626 11958 http://marc.theaimsgroup.com/?l=bugtraq&m=110321888413132 |
| 9fccad5a-7096-11d8-873f-0020ed76ef5a | mpg123 vulnerabilities In 2003, two vulnerabilities were discovered in mpg123 that could result in remote code execution when using untrusted input or streaming from an untrusted server. Discovery 2003-01-16 Entry 2004-03-07 mpg123 mpg123-nas mpg123-esound le 0.59r_12 CVE-2003-0577 CVE-2003-0865 6629 8680 |