{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93520?format=json","vulnerability_id":"VCID-fnec-475d-q3gf","summary":"Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value.  NOTE: some of these details are obtained from third party information.","aliases":[{"alias":"CVE-2009-1301"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116793?format=json","purl":"pkg:deb/debian/mpg123@1.7.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mpg123@1.7.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/516658?format=json","purl":"pkg:deb/debian/mpg123@1.12.1-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b2uw-ydsg-fbau"},{"vulnerability":"VCID-cv5f-xysy-mfgb"},{"vulnerability":"VCID-d58a-h7ew-buhk"},{"vulnerability":"VCID-d5pc-yexh-2kby"},{"vulnerability":"VCID-rgue-duz7-fkcw"},{"vulnerability":"VCID-sxrg-nt5k-3ffx"},{"vulnerability":"VCID-t816-d94b-rfb4"},{"vulnerability":"VCID-u85u-m4n7-sya3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mpg123@1.12.1-3"},{"url":"http://public2.vulnerablecode.io/api/packages/116770?format=json","purl":"pkg:deb/debian/mpg123@1.26.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mpg123@1.26.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116768?format=json","purl":"pkg:deb/debian/mpg123@1.31.2-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mpg123@1.31.2-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116773?format=json","purl":"pkg:deb/debian/mpg123@1.32.10-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mpg123@1.32.10-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116771?format=json","purl":"pkg:deb/debian/mpg123@1.33.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mpg123@1.33.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/193098?format=json","purl":"pkg:ebuild/media-sound/mpg123@1.7.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/media-sound/mpg123@1.7.2"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516651?format=json","purl":"pkg:deb/debian/mpg123@0.59o-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-858p-d89j-1fcf"},{"vulnerability":"VCID-88ns-znrm-f3e6"},{"vulnerability":"VCID-b2uw-ydsg-fbau"},{"vulnerability":"VCID-cdqa-gapb-gkfb"},{"vulnerability":"VCID-cqsb-s171-4khu"},{"vulnerability":"VCID-cv5f-xysy-mfgb"},{"vulnerability":"VCID-d58a-h7ew-buhk"},{"vulnerability":"VCID-d5pc-yexh-2kby"},{"vulnerability":"VCID-etwe-38ku-v3en"},{"vulnerability":"VCID-fnec-475d-q3gf"},{"vulnerability":"VCID-k2pp-dxbk-tbhx"},{"vulnerability":"VCID-pb63-c6sn-dqfm"},{"vulnerability":"VCID-rgue-duz7-fkcw"},{"vulnerability":"VCID-sxrg-nt5k-3ffx"},{"vulnerability":"VCID-t816-d94b-rfb4"},{"vulnerability":"VCID-tbjb-2963-hue7"},{"vulnerability":"VCID-u85u-m4n7-sya3"},{"vulnerability":"VCID-zfpw-4qs9-nudb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mpg123@0.59o-2"},{"url":"http://public2.vulnerablecode.io/api/packages/516652?format=json","purl":"pkg:deb/debian/mpg123@0.59o-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-858p-d89j-1fcf"},{"vulnerability":"VCID-88ns-znrm-f3e6"},{"vulnerability":"VCID-b2uw-ydsg-fbau"},{"vulnerability":"VCID-cdqa-gapb-gkfb"},{"vulnerability":"VCID-cqsb-s171-4khu"},{"vulnerability":"VCID-cv5f-xysy-mfgb"},{"vulnerability":"VCID-d58a-h7ew-buhk"},{"vulnerability":"VCID-d5pc-yexh-2kby"},{"vulnerability":"VCID-etwe-38ku-v3en"},{"vulnerability":"VCID-fnec-475d-q3gf"},{"vulnerability":"VCID-k2pp-dxbk-tbhx"},{"vulnerability":"VCID-pb63-c6sn-dqfm"},{"vulnerability":"VCID-rgue-duz7-fkcw"},{"vulnerability":"VCID-sxrg-nt5k-3ffx"},{"vulnerability":"VCID-t816-d94b-rfb4"},{"vulnerability":"VCID-tbjb-2963-hue7"},{"vulnerability":"VCID-u85u-m4n7-sya3"},{"vulnerability":"VCID-zfpw-4qs9-nudb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mpg123@0.59o-3"},{"url":"http://public2.vulnerablecode.io/api/packages/516653?format=json","purl":"pkg:deb/debian/mpg123@0.59q-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-858p-d89j-1fcf"},{"vulnerability":"VCID-88ns-znrm-f3e6"},{"vulnerability":"VCID-b2uw-ydsg-fbau"},{"vulnerability":"VCID-cdqa-gapb-gkfb"},{"vulnerability":"VCID-cqsb-s171-4khu"},{"vulnerability":"VCID-cv5f-xysy-mfgb"},{"vulnerability":"VCID-d58a-h7ew-buhk"},{"vulnerability":"VCID-d5pc-yexh-2kby"},{"vulnerability":"VCID-etwe-38ku-v3en"},{"vulnerability":"VCID-fnec-475d-q3gf"},{"vulnerability":"VCID-k2pp-dxbk-tbhx"},{"vulnerability":"VCID-pb63-c6sn-dqfm"},{"vulnerability":"VCID-rgue-duz7-fkcw"},{"vulnerability":"VCID-sxrg-nt5k-3ffx"},{"vulnerability":"VCID-t816-d94b-rfb4"},{"vulnerability":"VCID-tbjb-2963-hue7"},{"vulnerability":"VCID-u85u-m4n7-sya3"},{"vulnerability":"VCID-zfpw-4qs9-nudb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mpg123@0.59q-2"},{"url":"http://public2.vulnerablecode.io/api/packages/516654?format=json","purl":"pkg:deb/debian/mpg123@0.59r-13woody4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-858p-d89j-1fcf"},{"vulnerability":"VCID-88ns-znrm-f3e6"},{"vulnerability":"VCID-b2uw-ydsg-fbau"},{"vulnerability":"VCID-cdqa-gapb-gkfb"},{"vulnerability":"VCID-cqsb-s171-4khu"},{"vulnerability":"VCID-cv5f-xysy-mfgb"},{"vulnerability":"VCID-d58a-h7ew-buhk"},{"vulnerability":"VCID-d5pc-yexh-2kby"},{"vulnerability":"VCID-etwe-38ku-v3en"},{"vulnerability":"VCID-fnec-475d-q3gf"},{"vulnerability":"VCID-k2pp-dxbk-tbhx"},{"vulnerability":"VCID-pb63-c6sn-dqfm"},{"vulnerability":"VCID-rgue-duz7-fkcw"},{"vulnerability":"VCID-sxrg-nt5k-3ffx"},{"vulnerability":"VCID-t816-d94b-rfb4"},{"vulnerability":"VCID-u85u-m4n7-sya3"},{"vulnerability":"VCID-zfpw-4qs9-nudb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mpg123@0.59r-13woody4"},{"url":"http://public2.vulnerablecode.io/api/packages/516655?format=json","purl":"pkg:deb/debian/mpg123@0.59r-20sarge1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b2uw-ydsg-fbau"},{"vulnerability":"VCID-cqsb-s171-4khu"},{"vulnerability":"VCID-cv5f-xysy-mfgb"},{"vulnerability":"VCID-d58a-h7ew-buhk"},{"vulnerability":"VCID-d5pc-yexh-2kby"},{"vulnerability":"VCID-fnec-475d-q3gf"},{"vulnerability":"VCID-k2pp-dxbk-tbhx"},{"vulnerability":"VCID-pb63-c6sn-dqfm"},{"vulnerability":"VCID-rgue-duz7-fkcw"},{"vulnerability":"VCID-sxrg-nt5k-3ffx"},{"vulnerability":"VCID-t816-d94b-rfb4"},{"vulnerability":"VCID-u85u-m4n7-sya3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mpg123@0.59r-20sarge1"},{"url":"http://public2.vulnerablecode.io/api/packages/516656?format=json","purl":"pkg:deb/debian/mpg123@0.61-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b2uw-ydsg-fbau"},{"vulnerability":"VCID-cv5f-xysy-mfgb"},{"vulnerability":"VCID-d58a-h7ew-buhk"},{"vulnerability":"VCID-d5pc-yexh-2kby"},{"vulnerability":"VCID-fnec-475d-q3gf"},{"vulnerability":"VCID-rgue-duz7-fkcw"},{"vulnerability":"VCID-sxrg-nt5k-3ffx"},{"vulnerability":"VCID-t816-d94b-rfb4"},{"vulnerability":"VCID-u85u-m4n7-sya3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mpg123@0.61-5"},{"url":"http://public2.vulnerablecode.io/api/packages/516657?format=json","purl":"pkg:deb/debian/mpg123@1.4.3-4lenny1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b2uw-ydsg-fbau"},{"vulnerability":"VCID-cv5f-xysy-mfgb"},{"vulnerability":"VCID-d58a-h7ew-buhk"},{"vulnerability":"VCID-d5pc-yexh-2kby"},{"vulnerability":"VCID-fnec-475d-q3gf"},{"vulnerability":"VCID-rgue-duz7-fkcw"},{"vulnerability":"VCID-sxrg-nt5k-3ffx"},{"vulnerability":"VCID-t816-d94b-rfb4"},{"vulnerability":"VCID-u85u-m4n7-sya3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mpg123@1.4.3-4lenny1"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1301","reference_id":"","reference_type":"","scores":[{"value":"0.08801","scoring_system":"epss","scoring_elements":"0.9267","published_at":"2026-06-04T12:55:00Z"},{"value":"0.08801","scoring_system":"epss","scoring_elements":"0.92682","published_at":"2026-06-05T12:55:00Z"},{"value":"0.08801","scoring_system":"epss","scoring_elements":"0.92678","published_at":"2026-06-06T12:55:00Z"},{"value":"0.08801","scoring_system":"epss","scoring_elements":"0.92674","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1301"},{"reference_url":"https://security.gentoo.org/glsa/200904-15","reference_id":"GLSA-200904-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200904-15"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":"0.5","weighted_severity":"0.1","risk_score":0.1,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fnec-475d-q3gf"}