FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2003-0865

This CVE name corresponds to:

Entered Topic
2004-03-07 mpg123 vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2003-0865
Phase Assigned(20031015)

Description

Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r and 0.59s allows remote attackers to execute arbitrary code via a long request.

References

Source Reference
BUGTRAQ 20030923 mpg123[v0.59r,v0.59s]: remote client-side heap corruption exploit.
BUGTRAQ 20030930 GLSA: mpg123 (200309-17)
CONECTIVA CLA-2003:781
DEBIAN DSA-435
SCO CSSA-2004-002.0
BID 8680