CVE-2017-12797 - OpenCVE

Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Mpg123	Mpg123

Configuration 1 [-]

cpe:2.3:a:mpg123:mpg123:*:*:*:*:*:*:x86:*

References

Link	Resource
https://sourceforge.net/p/mpg123/bugs/254/	Third Party Advisory
https://sourceforge.net/p/mpg123/mailman/message/35987663/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-08-29T15:00:00

Updated: 2017-08-29T14:57:02

Reserved: 2017-08-10T00:00:00

Link: CVE-2017-12797

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-08-29T15:29:00.800

Modified: 2017-09-06T19:24:50.577

Link: CVE-2017-12797

JSON object: View

Redhat Information

No data.

CWE

CWE-190

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mpg123:mpg123:*:*:*:*:*:*:x86:*", "matchCriteriaId": "73CC7B71-F521-4732-9469-A7349FFB9A50", "versionEndIncluding": "1.25.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow."}, {"lang": "es", "value": "Un desbordamiento de n\u00fameros enteros en la funci\u00f3n INT123_parse_new_id3 en el p\u00e1rser ID3 en mpg123 en versiones anteriores a la 1.25.5 en plataformas de 32 bits permite que atacantes remotos provoquen una denegaci\u00f3n de servicio mediante un archivo manipulado, lo que desencadena un desbordamiento de b\u00fafer basado en mont\u00edculos."}], "id": "CVE-2017-12797", "lastModified": "2017-09-06T19:24:50.577", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-29T15:29:00.800", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://sourceforge.net/p/mpg123/bugs/254/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://sourceforge.net/p/mpg123/mailman/message/35987663/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}