彙總 mpg123 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 緩衝區溢位、記憶體損壞、拒絕服務與整數處理缺陷,在 生產負載與軟體部署 使用場景中可能帶來 應用程式崩潰與記憶體損壞 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2017-12839 | A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers to cause a possible denial-of-service (out-of-bounds read) or possibly have unspecified other impact via a crafted mp3 file. | [email protected] | 8.3 | 2.90% | 2019-05-09 | 2026-06-16 |
| CVE-2014-9497 | Buffer overflow in mpg123 before 1.18.0. | [email protected] | 7.5 | 2.31% | 2017-08-29 | 2026-06-16 |
| CVE-2017-12797 | Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow. | [email protected] | 5.5 | 1.19% | 2017-08-29 | 2026-06-16 |
| CVE-2017-9545 | The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service (buffer over-read) via a crafted mp3 file. | [email protected] | 5.5 | 1.17% | 2017-07-27 | 2026-06-16 |
| CVE-2017-11126 | The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type != 2" case, a similar issue to CVE-2017-9870. | [email protected] | 5.5 | 1.39% | 2017-07-09 | 2026-06-16 |
| CVE-2017-10683 | In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. A crafted input will lead to a remote denial of service attack. | [email protected] | 7.5 | 1.24% | 2017-06-29 | 2026-06-16 |
| CVE-2009-1301 | Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information. | [email protected] | 10.0 | 5.44% | 2009-04-16 | 2026-06-16 |
| CVE-2007-0578 | The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early. | [email protected] | 4.3 | 1.44% | 2007-01-30 | 2026-06-16 |
| CVE-2006-3355 | Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll allows remote attackers to execute arbitrary code via a long URL, which is not properly terminated before being used with the strncpy function. NOTE: This appears to be the result of an incomplete patch for CVE-2004-0982. | [email protected] | 7.5 | 6.40% | 2006-07-06 | 2026-06-16 |
| CVE-2006-1655 | Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE: this issue might be related to CVE-2004-0991, but it is not clear. | [email protected] | 6.5 | 1.56% | 2006-04-06 | 2026-06-16 |
| CVE-2004-0982 | Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL. | [email protected] | 10.0 | 6.53% | 2005-02-09 | 2026-06-16 |
| CVE-2004-0991 | Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via frame headers in MP2 or MP3 files. | [email protected] | 7.5 | 3.58% | 2005-01-11 | 2026-06-16 |
| CVE-2004-1284 | Buffer overflow in the find_next_file function in playlist.c for mpg123 0.59r allows remote attackers to execute arbitrary code via a crafted MP3 playlist. | [email protected] | 10.0 | 14.46% | 2005-01-10 | 2026-06-16 |
| CVE-2004-0805 | Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain (1) mp3 or (2) mp2 file. | [email protected] | 7.5 | 3.79% | 2004-12-23 | 2026-06-16 |
| CVE-2003-0865 | Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r and 0.59s allows remote attackers to execute arbitrary code via a long request. | [email protected] | 7.5 | 14.16% | 2003-11-17 | 2026-06-16 |
| CVE-2003-0577 | mpg123 0.59r allows remote attackers to cause a denial of service and possibly execute arbitrary code via an MP3 file with a zero bitrate, which creates a negative frame size. | [email protected] | 7.5 | 3.74% | 2003-08-18 | 2026-06-16 |