Mandriva Linux Security Advisory 2009-128 - Multiple security vulnerabilities has been identified and fixed in libmodplug. Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow. Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before 0.8.7 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long instrument name. The updated packages have been patched to prevent this. Packages for 2008.0 are being provided due to extended support for Corporate products.
b70b0d9b7a04a44ef2a85cacf20ee9fe2b6ef96fedb09babb3464393ad527867Debian Security Advisory 1851-1 - It was discovered that gst-plugins-bad0.10, the GStreamer plugins from the "bad" set, is prone to an integer overflow when processing a MED file with a crafted song comment or song name.
4895448f52ffe68e98196ec3721ff78244663b3346b4ace337499d3dd23b3c87Debian Security Advisory 1850-1 - Several vulnerabilities have been discovered in libmodplug, the shared libraries for mod music based on ModPlug.
81fb930ff96e23d185d8dbaabb5f114ab92989bfd83a85581dbbf7cb9e4a1f7cGentoo Linux Security Advisory GLSA 200907-07 - ModPlug contains several buffer overflows that could lead to the execution of arbitrary code. Versions less than 0.8.7 are affected.
e90cebeb55584f58a0b84c0257b5bba40ac13e52bebeabca24e73ac59b37eab1Mandriva Linux Security Advisory 2009-128 - Multiple security vulnerabilities have been identified and fixed in libmodplug. These range from integer to buffer overflows. The updated packages have been patched to prevent this.
0571fd8d87c92d6328067f290b78f164ef29e209aaf3cb2cc002ce05d1c6f2deUbuntu Security Notice USN-771-1 - It was discovered that libmodplug did not correctly handle certain parameters when parsing MED media files. If a user or automated system were tricked into opening a crafted MED file, an attacker could execute arbitrary code with privileges of the user invoking the program. Manfred Tremmel and Stanislav Brabec discovered that libmodplug did not correctly handle long instrument names when parsing PAT sample files. If a user or automated system were tricked into opening a crafted PAT file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. This issue only affected Ubuntu 9.04.
9ff6c988eb56a3c4cf3f4443636f83112492538e511a0db40012074a8499c16b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed