CVE-2017-12797 in mpg123info

Summary

Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Responsible

Reservation

08/10/2017

Disclosure

08/29/2017

Moderation

VulDB entry created

Entries

VDB-105913

CPE

ready

CWE

CWE-190 (Confirmed)

CVSS

5.4

EPSS

0.00474

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-12797
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-12797
CVE Details	https://www.cvedetails.com/cve/CVE-2017-12797/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!