Lucene search

Gentoo FoundationGLSA-200610-13

HistoryOct 26, 2006 - 12:00 a.m.

Cheese Tracker: Buffer Overflow

2006-10-2600:00:00

Gentoo Foundation

security.gentoo.org

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.028 Low

EPSS

Percentile

90.6%

JSON

Background

Cheese Tracker is a Qt-based portable Impulse Tracker clone, a music tracker for the CT, IT, XM and S3M file formats.

Description

Luigi Auriemma reported that the XM loader of Cheese Tracker contains a buffer overflow vulnerability in the loader_XM::load_intrument_internal() function from loaders/loader_xm.cpp.

Impact

An attacker could execute arbitrary code with the rights of the user running Cheese Tracker by enticing a user to load a crafted file with large amount of extra data.

Workaround

There is no known workaround at this time.

Resolution

All Cheese Tracker users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=media-sound/cheesetracker-0.9.9-r1"

OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-sound/cheesetracker< 0.9.9-r1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	media-sound/cheesetracker	< 0.9.9-r1	UNKNOWN

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.028 Low

EPSS

Percentile

90.6%

JSON

Related for GLSA-200610-13