thr3ads.net - Secure testing team - [Secure-testing-team] Bug#625966: libmodplug1: libmodplug <= 0.8.8.2 .abc Stack-Based Buffer Overflow [May 2011]

If this information is useful, please help other people find it:
Share via:

Remi Denis-Courmont

2011-May-07 12:51 UTC

[Secure-testing-team] Bug#625966: libmodplug1: libmodplug <= 0.8.8.2 .abc Stack-Based Buffer Overflow

Package: libmodplug1
Version: 1:0.8.8.1-2
Severity: grave
Tags: security upstream
Justification: user security hole


	Hello,

As the security contact for VLC media player, this was brought to my
attention:  http://www.exploit-db.com/exploits/17222/
I can confirm the bug happens, but I have no further informations at
this point.

Best regards,

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (100, ''unstable'')
Architecture: i386 (i686)

Kernel: Linux 2.6.38-2-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libmodplug1 depends on:
ii  libc6                         2.13-2     Embedded GNU C Library: Shared lib
ii  libgcc1                       1:4.6.0-6  GCC support library
ii  libstdc++6                    4.6.0-6    The GNU Standard C++ Library v3

libmodplug1 recommends no packages.

libmodplug1 suggests no packages.

-- no debconf information

Secure testing team - May 2011 - Bug#625966: libmodplug1: libmodplug <= 0.8.8.2 .abc Stack-Based Buffer Overflow

[Secure-testing-team] Bug#625966: libmodplug1: libmodplug <= 0.8.8.2 .abc Stack-Based Buffer Overflow