Published: 27/04/2009 Updated: 07/11/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug prior to 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent malicious users to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.

Vulnerable Product	Search on Vulmon	Subscribe to Product
konstanty bialkowski libmodplug
konstanty bialkowski libmodplug 0.8.4
konstanty bialkowski libmodplug 0.8

It was discovered that libmodplug did not correctly handle certain parameters when parsing MED media files If a user or automated system were tricked into opening a crafted MED file, an attacker could execute arbitrary code with privileges of the user invoking the program (CVE-2009-1438) ...

Debian Bug report logs - #526657 CVE-2009-1438: libmodplug "CSoundFile::ReadMed()" Integer Overflow Vulnerability Package: libmodplug; Maintainer for libmodplug is Stephen Kitt <skitt@debianorg>; Reported by: Giuseppe Iuculano <giuseppe@iuculanoit> Date: Sat, 2 May 2009 15:21:01 UTC Severity: grave Tags: patch, se ...

Debian Bug report logs - #526084 [SA34927] libmodplug "PATinst()" Buffer Overflow Vulnerability Package: libmodplug; Maintainer for libmodplug is Stephen Kitt <skitt@debianorg>; Reported by: Giuseppe Iuculano <giuseppe@iuculanoit> Date: Wed, 29 Apr 2009 07:06:04 UTC Severity: serious Tags: lenny, patch, security, s ...

Several vulnerabilities have been discovered in libmodplug, the shared libraries for mod music based on ModPlug The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1438 It was discovered that libmodplug is prone to an integer overflow when processing a MED file with a crafted song comment or song name CVE ...

It was discovered that gst-plugins-bad010, the GStreamer plugins from the "bad" set, is prone to an integer overflow when processing a MED file with a crafted song comment or song name For the oldstable distribution (etch), this problem has been fixed in version 0103-31+etch3 For the stable distribution (lenny), this problem has been fixed in ...

CWE-189 http://www.vupen.com/english/advisories/2009/1104 http://bugs.gentoo.org/show_bug.cgi?id=266913 http://secunia.com/advisories/34797 https://bugzilla.redhat.com/show_bug.cgi?id=496834 http://osvdb.org/53801 http://www.securityfocus.com/bid/30801 http://sourceforge.net/project/shownotes.php?release_id=677065&group_id=1275 http://www.redhat.com/archives/fedora-package-announce/2009-April/msg00907.html http://secunia.com/advisories/34930 http://www.redhat.com/archives/fedora-package-announce/2009-April/msg00908.html http://www.ubuntu.com/usn/USN-771-1 http://secunia.com/advisories/35026 http://www.openwall.com/lists/oss-security/2009/04/21/4 http://www.mandriva.com/security/advisories?name=MDVSA-2009:128 http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://secunia.com/advisories/35685 http://secunia.com/advisories/35736 http://security.gentoo.org/glsa/glsa-200907-07.xml http://www.debian.org/security/2009/dsa-1850 http://secunia.com/advisories/36158 http://secunia.com/advisories/36183 http://www.debian.org/security/2009/dsa-1851 https://exchange.xforce.ibmcloud.com/vulnerabilities/50388 http://modplug-xmms.cvs.sourceforge.net/viewvc/modplug-xmms/libmodplug/src/load_med.cpp?r1=1.1&%3Br2=1.2 https://usn.ubuntu.com/771-1/https://nvd.nist.gov

CVE-2009-1438

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect