CLSA-2026-1779694248

Import Source

JSON Data

https://api.test.osv.dev/v1/vulns/CLSA-2026-1779694248

Upstream

Published

2026-05-25T07:30:53Z

Modified

2026-05-27T11:17:53.606120849Z

Summary

mpg123: Fix of CVE-2024-10573

Details

CVE-2024-10573: Out-of-bounds write during PCM decoding of crafted streams could lead to heap corruption and potential arbitrary code execution; decode the MPEG header into a temporary copy that is only applied to the live handle after the frame body is validated (upstream svn-r5442, main fix), and gate decodetheframe() behind a FRAMEDECODERLIVE state bit so it cannot run with stale state when decode_update() failed (upstream svn-r4991 plus the bug-324 precedence fix from 1.29.2, follow-up safeguard).

References

Affected packages

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.26.2-5.el9_2.tuxcare.els1

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1779694248.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.26.2-5.el9_2.tuxcare.els1

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1779694248.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.26.2-5.el9_2.tuxcare.els1

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1779694248.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.26.2-5.el9_2.tuxcare.els1

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1779694248.json"