{"id":"CVE-2017-11126","details":"The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the \"block_type != 2\" case, a similar issue to CVE-2017-9870.","modified":"2026-03-14T09:23:47.670076Z","published":"2017-07-10T03:29:00.253Z","related":["openSUSE-SU-2024:11061-1"],"references":[{"type":"FIX","url":"http://openwall.com/lists/oss-security/2017/07/10/4"},{"type":"FIX","url":"https://blogs.gentoo.org/ago/2017/07/03/mpg123-global-buffer-overflow-in-iii_i_stereo-layer3-c/"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.25.1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-11126.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}