Lucene search
Gentoo FoundationGLSA-200612-04HistoryDec 10, 2006 - 12:00 a.m.
ModPlug: Multiple buffer overflows
2006-12-1000:00:00
Gentoo Foundation
security.gentoo.org
10
0.239 Low
EPSS
Percentile
96.6%
Background
ModPlug is a library for playing MOD-like music.
Description
Luigi Auriemma has reported various boundary errors in load_it.cpp and a boundary error in the “CSoundFile::ReadSample()” function in sndfile.cpp.
Impact
A remote attacker can entice a user to read crafted modules or ITP files, which may trigger a buffer overflow resulting in the execution of arbitrary code with the privileges of the user running the application.
Workaround
There is no known workaround at this time.
Resolution
All ModPlug users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libmodplug-0.8-r1"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | media-libs/libmodplug | < 0.8-r1 | UNKNOWN |
Related
openvas
openvas
Ubuntu Update for libmodplug vulnerability USN-521-1
2009-03-23 00:00:00
Mandriva Update for libmodplug MDKSA-2007:001 (libmodplug)
2009-04-09 00:00:00
Gentoo Security Advisory GLSA 200612-04 (libmodplug)
2008-09-24 00:00:00
nessus
nessus
GLSA-200612-04 : ModPlug: Multiple buffer overflows
2006-12-14 00:00:00
Ubuntu 6.06 LTS / 6.10 : libmodplug vulnerability (USN-521-1)
2007-11-10 00:00:00
openSUSE 10 Security Update : xmms-plugins (xmms-plugins-2101)
2007-10-17 00:00:00
cve
cve
CVE-2006-4192
2006-08-17 01:04:00
cvelist
cvelist
CVE-2006-4192
2006-08-17 01:00:00
ubuntu
ubuntu
libmodplug vulnerability
2007-09-27 00:00:00
debiancve
debiancve
CVE-2006-4192
2006-08-17 01:04:00
ubuntucve
ubuntucve
CVE-2006-4192
2006-08-16 00:00:00
redhat
redhat
(RHSA-2011:0477) Important: gstreamer-plugins security update
2011-05-02 00:00:00
oraclelinux
oraclelinux
gstreamer-plugins security update
2011-05-02 00:00:00
centos
centos
gstreamer security update
2011-05-04 12:22:21