{"id":"CLSA-2026-1779694248","summary":"mpg123: Fix of CVE-2024-10573","details":"- CVE-2024-10573: Out-of-bounds write during PCM decoding of crafted streams\n  could lead to heap corruption and potential arbitrary code execution; decode\n  the MPEG header into a temporary copy that is only applied to the live\n  handle after the frame body is validated (upstream svn-r5442, main fix), and\n  gate decode_the_frame() behind a FRAME_DECODER_LIVE state bit so it cannot\n  run with stale state when decode_update() failed (upstream svn-r4991 plus\n  the bug-324 precedence fix from 1.29.2, follow-up safeguard).","modified":"2026-06-01T00:32:35.046617283Z","published":"2026-05-25T07:30:53Z","upstream":["CVE-2024-10573"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/els_os/almalinux9.2esu/CLSA-2026-1779694248.html"}],"affected":[{"package":{"name":"mpg123","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/mpg123?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.26.2-5.el9_2.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1779694248.json"}},{"package":{"name":"mpg123-devel","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/mpg123-devel?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.26.2-5.el9_2.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1779694248.json"}},{"package":{"name":"mpg123-libs","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/mpg123-libs?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.26.2-5.el9_2.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1779694248.json"}},{"package":{"name":"mpg123-plugins-pulseaudio","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/mpg123-plugins-pulseaudio?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.26.2-5.el9_2.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1779694248.json"}}],"schema_version":"1.7.5"}