Upstream information

CVE-2017-10683 at MITRE

Description

In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. A crafted input will lead to a remote denial of service attack.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores (National Vulnerability Database)

  Base Score: 5
  Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
  Access Vector: Network
  Access Complexity: Low
  Authentication: None
  Confidentiality Impact: None
  Integrity Impact: None
  Availability Impact: Partial

SUSE Bugzilla entry: 1046766 [RESOLVED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE Leap 42.3
  • libmpg123-0 >= 1.25.2-1.1
  • libmpg123-0-32bit >= 1.25.7-10.1
  • libmpg123-0-debuginfo >= 1.25.7-10.1
  • libmpg123-0-debuginfo-32bit >= 1.25.7-10.1
  • libout123-0 >= 1.25.7-10.1
  • libout123-0-32bit >= 1.25.7-10.1
  • libout123-0-debuginfo >= 1.25.7-10.1
  • libout123-0-debuginfo-32bit >= 1.25.7-10.1
  • mpg123 >= 1.25.7-10.1
  • mpg123-debuginfo >= 1.25.7-10.1
  • mpg123-debugsource >= 1.25.7-10.1
  • mpg123-devel >= 1.25.7-10.1
  • mpg123-devel-32bit >= 1.25.7-10.1
  • mpg123-esound >= 1.25.2-1.1
  • mpg123-esound-32bit >= 1.25.7-10.1
  • mpg123-esound-debuginfo >= 1.25.7-10.1
  • mpg123-esound-debuginfo-32bit >= 1.25.7-10.1
  • mpg123-jack >= 1.25.7-10.1
  • mpg123-jack-32bit >= 1.25.7-10.1
  • mpg123-jack-debuginfo >= 1.25.7-10.1
  • mpg123-jack-debuginfo-32bit >= 1.25.7-10.1
  • mpg123-openal >= 1.25.2-1.1
  • mpg123-openal-32bit >= 1.25.7-10.1
  • mpg123-openal-debuginfo >= 1.25.7-10.1
  • mpg123-openal-debuginfo-32bit >= 1.25.7-10.1
  • mpg123-portaudio >= 1.25.7-10.1
  • mpg123-portaudio-32bit >= 1.25.7-10.1
  • mpg123-portaudio-debuginfo >= 1.25.7-10.1
  • mpg123-portaudio-debuginfo-32bit >= 1.25.7-10.1
  • mpg123-pulse >= 1.25.2-1.1
  • mpg123-pulse-32bit >= 1.25.7-10.1
  • mpg123-pulse-debuginfo >= 1.25.7-10.1
  • mpg123-pulse-debuginfo-32bit >= 1.25.7-10.1
  • mpg123-sdl >= 1.25.7-10.1
  • mpg123-sdl-32bit >= 1.25.7-10.1
  • mpg123-sdl-debuginfo >= 1.25.7-10.1
  • mpg123-sdl-debuginfo-32bit >= 1.25.7-10.1
Patchnames:
openSUSE Leap 42.3 GA libmpg123-0
openSUSE-2017-1139