CVE-2009-1438

Severity

75%

Complexity

99%

Confidentiality

106%

Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Konstanty Bialkowski libmodplug

First reported 15 years ago

2009-04-27 18:00:00

Last updated 7 years ago

2017-08-17 01:30:00

Affected Software

Konstanty Bialkowski libmodplug 0.8

0.8

Konstanty Bialkowski libmodplug 0.8.4

0.8.4

References

http://bugs.gentoo.org/show_bug.cgi?id=266913

SUSE-SR:2009:012

http://modplug-xmms.cvs.sourceforge.net/viewvc/modplug-xmms/libmodplug/src/load_med.cpp?r1=1.1&r2=1.2

53801

Patch

34797

Vendor Advisory

34930

35026

35685

35736

36158

36183

GLSA-200907-07

http://sourceforge.net/project/shownotes.php?release_id=677065&group_id=1275

Patch

DSA-1850

DSA-1851

MDVSA-2009:128

[oss-security] 20090421 CVE Request -- libmodplug

FEDORA-2009-4064

FEDORA-2009-4068

30801

Exploit, Patch

USN-771-1

ADV-2009-1104

Patch, Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=496834

libmodplug-csoundfilereadmed-bo(50388)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.