[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-1438Date: (C)2009-04-27   (M)2023-12-22


Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-30801
SECUNIA-34797
SECUNIA-34930
SECUNIA-35026
SECUNIA-35685
SECUNIA-35736
SECUNIA-36158
SECUNIA-36183
OSVDB-53801
ADV-2009-1104
DSA-1850
DSA-1851
FEDORA-2009-4064
FEDORA-2009-4068
GLSA-200907-07
MDVSA-2009:128
SUSE-SR:2009:012
USN-771-1
http://www.openwall.com/lists/oss-security/2009/04/21/4
http://bugs.gentoo.org/show_bug.cgi?id=266913
http://modplug-xmms.cvs.sourceforge.net/viewvc/modplug-xmms/libmodplug/src/load_med.cpp?r1=1.1&%3Br2=1.2
http://sourceforge.net/project/shownotes.php?release_id=677065&group_id=1275
https://bugzilla.redhat.com/show_bug.cgi?id=496834
libmodplug-csoundfilereadmed-bo(50388)

CPE    3
cpe:/a:konstanty_bialkowski:libmodplug
cpe:/a:konstanty_bialkowski:libmodplug:0.8.4
cpe:/a:konstanty_bialkowski:libmodplug:0.8
CWE    1
CWE-189
OVAL    9
oval:org.secpod.oval:def:700372
oval:org.secpod.oval:def:600492
oval:org.secpod.oval:def:102307
oval:org.secpod.oval:def:102138
...

© SecPod Technologies