what you don't know can hurt you
Showing 1 - 3 of 3 RSS Feed

CVE-2010-2971

Status Candidate

Overview

loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995.

Related Files

Gentoo Linux Security Advisory 201203-10
Posted Mar 6, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201203-10 - Multiple buffer overflow vulnerabilities in libmikmod may allow an attacker to execute arbitrary code or cause a Denial of Service condition. Versions less than 3.2.0_beta2-r3 are affected.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2010-2546, CVE-2010-2971
MD5 | c19897131a59d9996f004a9e62b254df
Ubuntu Security Notice 995-1
Posted Sep 29, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 995-1 - It was discovered that libMikMod incorrectly handled songs with different channel counts. If a user were tricked into opening a crafted song file, an attacker could cause a denial of service. It was discovered that libMikMod incorrectly handled certain malformed XM files. If a user were tricked into opening a crafted XM file, an attacker could cause a denial of service. It was discovered that libMikMod incorrectly handled certain malformed Impulse Tracker files. If a user were tricked into opening a crafted Impulse Tracker file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that libMikMod incorrectly handled certain malformed Ultratracker files. If a user were tricked into opening a crafted Ultratracker file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-6720, CVE-2009-0179, CVE-2009-3995, CVE-2009-3996, CVE-2010-2546, CVE-2010-2971
MD5 | ce02ea8d777eaea655c7b321a1929a98
Mandriva Linux Security Advisory 2010-151
Posted Aug 17, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-151 - Multiple heap-based buffer overflows might allow remote attackers to execute arbitrary code via crafted instrument definitions in an Impulse Tracker file.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2009-3995, CVE-2009-3996, CVE-2010-2546, CVE-2010-2971
MD5 | ac2bf380904cb4be47a56127421ffea7
Page 1 of 1
Back1Next

File Archive:

June 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    10 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    0 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    0 Files
  • 7
    Jun 7th
    0 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    0 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close