Giuseppe Iuculano
2009-May-02 15:19 UTC
[Secure-testing-team] Bug#526657: CVE-2009-1438: libmodplug "CSoundFile::ReadMed()" Integer Overflow Vulnerability
Package: libmodplug
Version: 1:0.8.4-5
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for libmodplug:

CVE-2009-1438[1]
Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow.

Patch:[2]

If you fix the vulnerability please also make sure to include the CVE id in the changelog entry.

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1438
[2] http://modplug-xmms.cvs.sourceforge.net/viewvc/modplug-xmms/libmodplug/src/load_med.cpp?r1=1.1&r2=1.3&view=patch

Cheers,
Giuseppe.