CVE-2009-1513

Related Files

Mandriva Linux Security Advisory 2009-128

Posted Dec 4, 2009

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-128 - Multiple security vulnerabilities has been identified and fixed in libmodplug. Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow. Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before 0.8.7 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long instrument name. The updated packages have been patched to prevent this. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability

systems | linux, mandriva

advisories | CVE-2009-1438, CVE-2009-1513

SHA-256 | b70b0d9b7a04a44ef2a85cacf20ee9fe2b6ef96fedb09babb3464393ad527867

Download | Favorite | View

Debian Linux Security Advisory 1850-1

Posted Aug 6, 2009

Authored by Debian | Site debian.org

Debian Security Advisory 1850-1 - Several vulnerabilities have been discovered in libmodplug, the shared libraries for mod music based on ModPlug.

tags | advisory, vulnerability

systems | linux, debian

advisories | CVE-2009-1438, CVE-2009-1513

SHA-256 | 81fb930ff96e23d185d8dbaabb5f114ab92989bfd83a85581dbbf7cb9e4a1f7c

Download | Favorite | View

Gentoo Linux Security Advisory 200907-7

Posted Jul 13, 2009

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200907-07 - ModPlug contains several buffer overflows that could lead to the execution of arbitrary code. Versions less than 0.8.7 are affected.

tags | advisory, overflow, arbitrary

systems | linux, gentoo

advisories | CVE-2009-1438, CVE-2009-1513

SHA-256 | e90cebeb55584f58a0b84c0257b5bba40ac13e52bebeabca24e73ac59b37eab1

Download | Favorite | View

Mandriva Linux Security Advisory 2009-128

Posted Jun 4, 2009

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-128 - Multiple security vulnerabilities have been identified and fixed in libmodplug. These range from integer to buffer overflows. The updated packages have been patched to prevent this.

tags | advisory, overflow, vulnerability

systems | linux, mandriva

advisories | CVE-2009-1438, CVE-2009-1513

SHA-256 | 0571fd8d87c92d6328067f290b78f164ef29e209aaf3cb2cc002ce05d1c6f2de

Download | Favorite | View

Ubuntu Security Notice 771-1

Posted May 8, 2009

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-771-1 - It was discovered that libmodplug did not correctly handle certain parameters when parsing MED media files. If a user or automated system were tricked into opening a crafted MED file, an attacker could execute arbitrary code with privileges of the user invoking the program. Manfred Tremmel and Stanislav Brabec discovered that libmodplug did not correctly handle long instrument names when parsing PAT sample files. If a user or automated system were tricked into opening a crafted PAT file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. This issue only affected Ubuntu 9.04.

tags | advisory, denial of service, arbitrary

systems | linux, ubuntu

advisories | CVE-2009-1438, CVE-2009-1513

SHA-256 | 9ff6c988eb56a3c4cf3f4443636f83112492538e511a0db40012074a8499c16b

Download | Favorite | View