CVE-2009-3996

Related Files

Ubuntu Security Notice 995-1

Posted Sep 29, 2010

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 995-1 - It was discovered that libMikMod incorrectly handled songs with different channel counts. If a user were tricked into opening a crafted song file, an attacker could cause a denial of service. It was discovered that libMikMod incorrectly handled certain malformed XM files. If a user were tricked into opening a crafted XM file, an attacker could cause a denial of service. It was discovered that libMikMod incorrectly handled certain malformed Impulse Tracker files. If a user were tricked into opening a crafted Impulse Tracker file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that libMikMod incorrectly handled certain malformed Ultratracker files. If a user were tricked into opening a crafted Ultratracker file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary

systems | linux, ubuntu

advisories | CVE-2007-6720, CVE-2009-0179, CVE-2009-3995, CVE-2009-3996, CVE-2010-2546, CVE-2010-2971

SHA-256 | 9fbe97802b0f6034e15d8b2e60e735a5af1fd215ef2bf8dd418a7a6cbff53f53

Download | Favorite | View

Mandriva Linux Security Advisory 2010-151

Posted Aug 17, 2010

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-151 - Multiple heap-based buffer overflows might allow remote attackers to execute arbitrary code via crafted instrument definitions in an Impulse Tracker file.

tags | advisory, remote, overflow, arbitrary

systems | linux, mandriva

advisories | CVE-2009-3995, CVE-2009-3996, CVE-2010-2546, CVE-2010-2971

SHA-256 | 12f5ec5e142813be5c96c3d52f98b7fb03ced9717bcc95a4dd84e518b13ecc81

Download | Favorite | View

Debian Linux Security Advisory 2071-1

Posted Jul 15, 2010

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2071-1 - Dyon Balding discovered buffer overflows in the MikMod sound library, which could lead to the execution of arbitrary code if a user is tricked into opening malformed Impulse Tracker or Ultratracker sound files.

tags | advisory, overflow, arbitrary

systems | linux, debian

advisories | CVE-2009-3995, CVE-2009-3996

SHA-256 | 6d330af0279241bc195a2da88e6f46b37d34a7ffed24274f3805d23946031c64

Download | Favorite | View

libmikmod Module Parsing Vulnerabilities

Posted Feb 5, 2010

Authored by Dyon Balding | Site secunia.com

Secunia Research has discovered some vulnerabilities in libmikmod, which can be exploited by malicious people to potentially compromise a user's system. Successful exploitation may allow arbitrary code execution in the context of the process using the libmikmod library when opening a specially crafted module file. Version 3.1.12 is affected.

tags | advisory, arbitrary, vulnerability, code execution

advisories | CVE-2009-3995, CVE-2009-3996

SHA-256 | ffe2444e942bbb7f4e8c5effa7fc43640a7f9cca499c6911bd7cc5d8cc0be69f

Download | Favorite | View

Winamp Ultratracker File Parsing Buffer Overflow

Posted Dec 17, 2009

Authored by Dyon Balding | Site secunia.com

Secunia Research has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an error in the Module Decoder Plug-in (IN_MOD.DLL) when parsing Ultratracker files and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code.

tags | advisory, overflow, arbitrary

advisories | CVE-2009-3996

SHA-256 | da211724536ef1c0859a7361b4f4cf6b1b6866921c4d73d47b44411d27b7fdda

Download | Favorite | View