Release date:
2026-05-25 07:30:53 UTC
Description:
- CVE-2024-10573: An out-of-bounds write during PCM decoding of crafted streams
could lead to heap corruption and potential arbitrary code execution. Main fix
(upstream svn-r5442): the MPEG header is decoded into a temporary copy that is
applied to the live handle only after the frame body is validated. Follow-up
safeguard (upstream svn-r4991 plus the bug-324 precedence fix from 1.29.2):
decode_the_frame() is gated behind a FRAME_DECODER_LIVE state bit so it cannot
run with stale state when decode_update() failed.
Updated packages:
- mpg123-1.26.2-5.el9_2.tuxcare.els1.x86_64.rpm
  sha:c12cb2deadd7f9b499b7a4b13aa95413903c5332d5a6adc987433ffddb4f0b01
- mpg123-devel-1.26.2-5.el9_2.tuxcare.els1.i686.rpm
  sha:1757e94a5ac70e9c57d656a59c5c9db1636c0e98669441c3c77e15448e24311f
- mpg123-devel-1.26.2-5.el9_2.tuxcare.els1.x86_64.rpm
  sha:0e8f7f181764ed0b987221ee41d62450683647f8e35f58c1b15296efbd145028
- mpg123-libs-1.26.2-5.el9_2.tuxcare.els1.i686.rpm
  sha:59b166a7eaa453166962ddf21fdc89fcbd240bc8dad8d9228f4b910b95a05bcf
- mpg123-libs-1.26.2-5.el9_2.tuxcare.els1.x86_64.rpm
  sha:e8b07da351c248bb98c0599c81112fa9c4894fa337ba5a7a2760c11a85751dec
- mpg123-plugins-pulseaudio-1.26.2-5.el9_2.tuxcare.els1.x86_64.rpm
  sha:dfcc96a6356cff4ece775970ce07dddd8343969cac49440623f363365ffe1146
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the CloudLinux Packaging Team.