Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-rgue-duz7-fkcw
Vulnerability ID VCID-rgue-duz7-fkcw
Aliases CVE-2017-12797
Summary Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow.
Status Published
Exploitability 0.5
Weighted Severity 0.0
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00474 https://api.first.org/data/v1/epss?cve=CVE-2017-12797
epss 0.00474 https://api.first.org/data/v1/epss?cve=CVE-2017-12797
epss 0.00474 https://api.first.org/data/v1/epss?cve=CVE-2017-12797
epss 0.00474 https://api.first.org/data/v1/epss?cve=CVE-2017-12797
epss 0.00474 https://api.first.org/data/v1/epss?cve=CVE-2017-12797
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2017-12797
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12797
USN-USN-4806-1 https://usn.ubuntu.com/USN-4806-1/
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.65134
EPSS Score 0.00474
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:02:48.162548+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0