thr3ads.net - Secure testing team - [Secure-testing-team] Bug#526084: [SA34927] libmodplug "PATinst()" Buffer Overflow Vulnerability [Apr 2009]

If this information is useful, please help other people find it:
Share via:

Giuseppe Iuculano

2009-Apr-29 07:03 UTC

[Secure-testing-team] Bug#526084: [SA34927] libmodplug "PATinst()" Buffer Overflow Vulnerability

Package: libmodplug
Version: 1:0.8.4-5
Severity: serious
Tags: security patch

Hi,

The following SA (Secunia Advisory) id was published for   	
libmodplug:

SA34927[1]
> DESCRIPTION:
> A vulnerability has been reported in libmodplug, which can be
> exploited by malicious people to cause a DoS (Denial of Service) and
> potentially compromise an application using the library.
> 
> A boundary error exists within the "PATinst()" function in
> src/load_pat.c. This can be exploited to cause a buffer overflow by
> e.g. tricking a victim into opening a specially crafted file in an
> application using the library.
> 
> SOLUTION:
> Update to version 0.8.7.
> 
> PROVIDED AND/OR DISCOVERED BY:
> Manfred Tremmel and Stanislav Brabec
> 
> ORIGINAL ADVISORY:
>
http://sourceforge.net/tracker/?func=detail&aid=2777467&group_id=1275&atid=301275
You can find the trivial patch[2] in the upstream cvs repository.

If you fix the vulnerability please also make sure to include the CVE id
(if it will be available) in the changelog entry.

[1]http://secunia.com/advisories/34927
[2]http://modplug-xmms.cvs.sourceforge.net/viewvc/modplug-xmms/libmodplug/src/load_pat.cpp?r1=1.3&r2=1.4

Cheers,
Giuseppe.

Secure testing team - Apr 2009 - Bug#526084: [SA34927] libmodplug "PATinst()" Buffer Overflow Vulnerability

[Secure-testing-team] Bug#526084: [SA34927] libmodplug "PATinst()" Buffer Overflow Vulnerability