[Forgot Password]
Login  Register Subscribe

23631

 
 

122183

 
 

98060

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2009-1438

Date: (C)2009-04-27   (M)2017-11-18 


Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.

CVSS Score: 7.5Access Vector: NETWORK
Exploit Score: 10.0Access Complexity: LOW
Impact Score: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
BID-30801
SECUNIA-34797
SECUNIA-34930
SECUNIA-35026
SECUNIA-35685
SECUNIA-35736
SECUNIA-36158
SECUNIA-36183
OSVDB-53801
ADV-2009-1104
DSA-1850
DSA-1851
FEDORA-2009-4064
FEDORA-2009-4068
GLSA-200907-07
MDVSA-2009:128
SUSE-SR:2009:012
USN-771-1
http://www.openwall.com/lists/oss-security/2009/04/21/4
http://bugs.gentoo.org/show_bug.cgi?id=266913
http://modplug-xmms.cvs.sourceforge.net/viewvc/modplug-xmms/libmodplug/src/load_med.cpp?r1=1.1&r2=1.2
http://sourceforge.net/project/shownotes.php?release_id=677065&group_id=1275
https://bugzilla.redhat.com/show_bug.cgi?id=496834
libmodplug-csoundfilereadmed-bo(50388)

CPE    3
cpe:/a:konstanty_bialkowski:libmodplug:0.8.5
cpe:/a:konstanty_bialkowski:libmodplug:0.8.4
cpe:/a:konstanty_bialkowski:libmodplug:0.8
CWE    1
CWE-189
OVAL    9
oval:org.secpod.oval:def:300519
oval:org.secpod.oval:def:102307
oval:org.secpod.oval:def:102138
oval:org.secpod.oval:def:300829
...

© 2013 SecPod Technologies