libmodplug: integer overflow
| Package(s): | libmodplug |
| CVE #(s): | CVE-2009-1438 |
| Created: | April 28, 2009 |
| Updated: | December 4, 2009 |
| Description: | From the CVE entry: Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow. |
Alerts:

| Distribution | Advisory | Package(s) | Date |
|---|---|---|---|
| Mandriva | MDVSA-2009:128-1 | libmodplug | 2009-12-03 |
| Debian | DSA-1851-1 | gst-plugins-bad0.10 | 2009-08-06 |
| Debian | DSA-1850-1 | libmodplug | 2009-08-04 |
| Gentoo | 200907-07 | libmodplug | 2009-07-12 |
| SuSE | SUSE-SR:2009:012 | optipng, cups, quagga, pango, strongswan, perl-DBD-Pg, irssi, openssl/libopenssl-devel, net-snmp, ImageMagick/GraphicsMagick, perl, ipsec-tools/novell-ipsec-tools, poppler/libpoppler3/libpoppler4, yast2-ldap-server, tomcat6, gstreamer-plugins/gstreamer010-plugins-bad, apache2-mod_php5 | 2009-07-03 |
| Mandriva | MDVSA-2009:128 | libmodplug | 2009-06-04 |
| Ubuntu | USN-771-1 | libmodplug | 2009-05-07 |
| Fedora | FEDORA-2009-4068 | libmodplug | 2009-04-28 |
| Fedora | FEDORA-2009-4064 | libmodplug | 2009-04-28 |