CVE-2024-10573

EUVD-2024-33569
An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
redhatCNA
6.7 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Debian logo
Debian Releases
Debian Product
Codename
mpg123
bookworm
1.31.2-1+deb12u1
fixed
bookworm (security)
1.31.2-1+deb12u1
fixed
bullseye
vulnerable
bullseye (security)
1.26.4-1+deb11u1
fixed
forky
1.33.3-1
fixed
sid
1.33.3-2
fixed
trixie
1.32.10-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mpg123
bionic
needs-triage
focal
Fixed 1.25.13-1ubuntu0.2
released
jammy
Fixed 1.29.3-1ubuntu0.1
released
noble
Fixed 1.32.5-1ubuntu1.1
released
oracular
Fixed 1.32.7-1ubuntu0.1
released
plucky
Fixed 1.32.8-1
released
questing
Fixed 1.32.8-1
released
trusty
needs-triage
xenial
needs-triage
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2024:11193
https://access.redhat.com/errata/RHSA-2024:11242
https://access.redhat.com/security/cve/CVE-2024-10573
https://bugzilla.redhat.com/show_bug.cgi?id=2322980
https://mpg123.org/cgi-bin/news.cgi#2024-10-26
http://www.openwall.com/lists/oss-security/2024/10/30/3
http://www.openwall.com/lists/oss-security/2024/10/31/4
http://www.openwall.com/lists/oss-security/2024/11/01/1
https://lists.debian.org/debian-lts-announce/2024/11/msg00025.html