CLSA-2026-1779694248

Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1779694248.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2026-1779694248
Upstream
Published
2026-05-25T07:30:53Z
Modified
2026-05-29T01:17:42.155908952Z
Summary
mpg123: Fix of CVE-2024-10573
Details
  • CVE-2024-10573: An out-of-bounds write during PCM decoding of crafted streams could lead to heap corruption and potential arbitrary code execution. The main fix (upstream svn-r5442) decodes the MPEG header into a temporary copy that is applied to the live handle only after the frame body is validated. As a follow-up safeguard (upstream svn-r4991 plus the bug-324 precedence fix from 1.29.2), decode_the_frame() is gated behind a FRAME_DECODER_LIVE state bit so that it cannot run with stale state when decode_update() has failed.
References

Affected packages