Upstream information

CVE-2017-12797 at MITRE

Description

Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
  Base Score: 4.3
  Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
  Access Vector: Network
  Access Complexity: Medium
  Authentication: None
  Confidentiality Impact: None
  Integrity Impact: None
  Availability Impact: Partial
SUSE Bugzilla entry: 1056999 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE Leap 42.3
  • libmpg123-0 >= 1.25.6-7.1
  • libmpg123-0-32bit >= 1.25.6-7.1
  • libmpg123-0-debuginfo >= 1.25.6-7.1
  • libmpg123-0-debuginfo-32bit >= 1.25.6-7.1
  • libout123-0 >= 1.25.6-7.1
  • libout123-0-32bit >= 1.25.6-7.1
  • libout123-0-debuginfo >= 1.25.6-7.1
  • libout123-0-debuginfo-32bit >= 1.25.6-7.1
  • mpg123 >= 1.25.6-7.1
  • mpg123-debuginfo >= 1.25.6-7.1
  • mpg123-debugsource >= 1.25.6-7.1
  • mpg123-devel >= 1.25.6-7.1
  • mpg123-devel-32bit >= 1.25.6-7.1
  • mpg123-esound >= 1.25.6-7.1
  • mpg123-esound-32bit >= 1.25.6-7.1
  • mpg123-esound-debuginfo >= 1.25.6-7.1
  • mpg123-esound-debuginfo-32bit >= 1.25.6-7.1
  • mpg123-jack >= 1.25.6-7.1
  • mpg123-jack-32bit >= 1.25.6-7.1
  • mpg123-jack-debuginfo >= 1.25.6-7.1
  • mpg123-jack-debuginfo-32bit >= 1.25.6-7.1
  • mpg123-openal >= 1.25.6-7.1
  • mpg123-openal-32bit >= 1.25.6-7.1
  • mpg123-openal-debuginfo >= 1.25.6-7.1
  • mpg123-openal-debuginfo-32bit >= 1.25.6-7.1
  • mpg123-portaudio >= 1.25.6-7.1
  • mpg123-portaudio-32bit >= 1.25.6-7.1
  • mpg123-portaudio-debuginfo >= 1.25.6-7.1
  • mpg123-portaudio-debuginfo-32bit >= 1.25.6-7.1
  • mpg123-pulse >= 1.25.6-7.1
  • mpg123-pulse-32bit >= 1.25.6-7.1
  • mpg123-pulse-debuginfo >= 1.25.6-7.1
  • mpg123-pulse-debuginfo-32bit >= 1.25.6-7.1
  • mpg123-sdl >= 1.25.6-7.1
  • mpg123-sdl-32bit >= 1.25.6-7.1
  • mpg123-sdl-debuginfo >= 1.25.6-7.1
  • mpg123-sdl-debuginfo-32bit >= 1.25.6-7.1
Patchnames: openSUSE-2017-1035