ID CVE-2009-1438
Summary Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.
References
Vulnerable Configurations
  • cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8:*:*:*:*:*:*:*
    cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.5:*:*:*:*:*:*:*
    cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.5:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 17-08-2017 - 01:30)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 30801
confirm
debian
  • DSA-1850
  • DSA-1851
fedora
  • FEDORA-2009-4064
  • FEDORA-2009-4068
gentoo GLSA-200907-07
mandriva MDVSA-2009:128
misc http://modplug-xmms.cvs.sourceforge.net/viewvc/modplug-xmms/libmodplug/src/load_med.cpp?r1=1.1&r2=1.2
mlist [oss-security] 20090421 CVE Request -- libmodplug
osvdb 53801
secunia
  • 34797
  • 34930
  • 35026
  • 35685
  • 35736
  • 36158
  • 36183
suse SUSE-SR:2009:012
ubuntu USN-771-1
vupen ADV-2009-1104
xf libmodplug-csoundfilereadmed-bo(50388)
statements via4
contributor Tomas Hoger
lastmodified 2009-04-28
organization Red Hat
statement The impact of this flaw is limited to application crash, not allowing code execution. Red Hat does not consider a user-assisted crash of a client application such as media players using GStreamer framework to be a security issue. For further details, see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1438
Last major update 17-08-2017 - 01:30
Published 27-04-2009 - 18:00
Back to Top