CVE-2024-10573
Mpg123: buffer overflow when writing decoded pcm samples
CVSS Score
6.7
EPSS Score
0.0%
EPSS Percentile
0th
An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector.
| CWE | CWE-787 |
| Published | Oct 31, 2024 |
| Last Updated | Nov 20, 2025 |
Stay Ahead of the Next One
Get instant alerts for
Be the first to know when new medium vulnerabilities are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat Enterprise Linux 7
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:11193 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:11242 access.redhat.com: https://access.redhat.com/security/cve/CVE-2024-10573 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2322980 mpg123.org: https://mpg123.org/cgi-bin/news.cgi#2024-10-26 openwall.com: http://www.openwall.com/lists/oss-security/2024/10/30/3 openwall.com: http://www.openwall.com/lists/oss-security/2024/10/31/4 openwall.com: http://www.openwall.com/lists/oss-security/2024/11/01/1 lists.debian.org: https://lists.debian.org/debian-lts-announce/2024/11/msg00025.html