Back to search
CVE-2009-1438
Published: Apr 27, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
53801
vdb-entry
x_refsource_OSVDB
USN-771-1
vendor-advisory
x_refsource_UBUNTU
34797
third-party-advisory
x_refsource_SECUNIA
35736
third-party-advisory
x_refsource_SECUNIA
36183
third-party-advisory
x_refsource_SECUNIA
DSA-1850
vendor-advisory
x_refsource_DEBIAN
https://bugzilla.redhat.com/show_bug.cgi?id=496834
x_refsource_CONFIRM
DSA-1851
vendor-advisory
x_refsource_DEBIAN
36158
third-party-advisory
x_refsource_SECUNIA
http://bugs.gentoo.org/show_bug.cgi?id=266913
x_refsource_CONFIRM
30801
vdb-entry
x_refsource_BID
MDVSA-2009:128
vendor-advisory
x_refsource_MANDRIVA
libmodplug-csoundfilereadmed-bo(50388)
vdb-entry
x_refsource_XF
35026
third-party-advisory
x_refsource_SECUNIA
http://sourceforge.net/project/shownotes.php?release_id=677065&group_id=1275
x_refsource_CONFIRM
GLSA-200907-07
vendor-advisory
x_refsource_GENTOO
35685
third-party-advisory
x_refsource_SECUNIA
FEDORA-2009-4068
vendor-advisory
x_refsource_FEDORA
FEDORA-2009-4064
vendor-advisory
x_refsource_FEDORA
ADV-2009-1104
vdb-entry
x_refsource_VUPEN
34930
third-party-advisory
x_refsource_SECUNIA
SUSE-SR:2009:012
vendor-advisory
x_refsource_SUSE
[oss-security] 20090421 CVE Request -- libmodplug
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now