CVE-2017-12839 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2017-12839 Interim 1 10 2023-06-26T00:13:54Z current 2021-05-30T14:00:15Z 2023-06-26T00:13:54Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2017-12839 A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers to cause a possible denial-of-service (out-of-bounds read) or possibly have unspecified other impact via a crafted mp3 file. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Desktop Applications 15 libmpg123-0 libout123-0 mpg123 mpg123-devel mpg123-pulse libmpg123-0 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 libout123-0 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 mpg123 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 mpg123-devel as a component of SUSE Linux Enterprise Module for Desktop Applications 15 mpg123-pulse as a component of SUSE Linux Enterprise Module for Desktop Applications 15 A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers to cause a possible denial-of-service (out-of-bounds read) or possibly have unspecified other impact via a crafted mp3 file. CVE-2017-12839 SUSE Linux Enterprise Module for Desktop Applications 15:libmpg123-0 SUSE Linux Enterprise Module for Desktop Applications 15:libout123-0 SUSE Linux Enterprise Module for Desktop Applications 15:mpg123 SUSE Linux Enterprise Module for Desktop Applications 15:mpg123-devel SUSE Linux Enterprise Module for Desktop Applications 15:mpg123-pulse low 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L