Lucene search

Gentoo FoundationGLSA-200609-06

HistorySep 12, 2006 - 12:00 a.m.

AdPlug: Multiple vulnerabilities

2006-09-1200:00:00

Gentoo Foundation

security.gentoo.org

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.266 Low

EPSS

Percentile

96.7%

JSON

Background

AdPlug is a free, cross-platform, and hardware-independent AdLib sound player library.

Description

AdPlug is vulnerable to buffer and heap overflows when processing the following types of files: CFF, MTK, DMO, U6M, DTM, and S3M.

Impact

By enticing a user to load a specially crafted file, an attacker could execute arbitrary code with the privileges of the user running AdPlug.

Workaround

There are no known workarounds at this time.

Resolution

All AdPlug users should update to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=media-libs/adplug-2.0.1"

OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-libs/adplug< 2.0.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	media-libs/adplug	< 2.0.1	UNKNOWN

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.266 Low

EPSS

Percentile

96.7%

JSON

Related for GLSA-200609-06