| Package | mpg123 |
|---|---|
| Version | 1.25.10-2+deb10u1 (buster) |
| Related CVEs | CVE-2024-10573 |
mpg123 a popular MPEG layer 1/2/3 audio player was affected by a vulnerability.
An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen.
For Debian 10 buster, these problems have been fixed in version 1.25.10-2+deb10u1.
We recommend that you upgrade your mpg123 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.