CVE Alert: CVE-2024-10573
Vulnerability Summary: CVE-2024-10573
An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, libmpg123 may write past the end of a buffer located on the heap. As a result, heap corruption may occur, and arbitrary code execution cannot be ruled out. The complexity required to exploit this flaw is considered high, as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector.
Affected Endpoints:
No affected endpoints listed.
Published Date:
10/31/2024, 7:15:12 PM
⚠️ CVSS Score:
Exploit Status:
Not Exploited
References:
- https://access.redhat.com/security/cve/CVE-2024-10573
- https://bugzilla.redhat.com/show_bug.cgi?id=2322980
- https://mpg123.org/cgi-bin/news.cgi#2024-10-26
Recommended Action:
No proposed action available. Please refer to vendor documentation for updates.