Lucene search

K
osvGoogleOSV:DSA-1850-1
HistoryAug 04, 2009 - 12:00 a.m.

libmodplug - arbitrary code execution

2009-08-0400:00:00
Google
osv.dev
6

0.06 Low

EPSS

Percentile

93.5%

Several vulnerabilities have been discovered in libmodplug, the shared
libraries for mod music based on ModPlug. The Common Vulnerabilities and
Exposures project identifies the following problems:

  • CVE-2009-1438
    It was discovered that libmodplug is prone to an integer overflow when
    processing a MED file with a crafted song comment or song name.
  • CVE-2009-1513
    It was discovered that libmodplug is prone to a buffer overflow in the
    PATinst function, when processing a long instrument name.

For the oldstable distribution (etch), these problems have been fixed in
version 1:0.7-5.2+etch1.

For the stable distribution (lenny), these problems have been fixed in
version 1:0.8.4-1+lenny1.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 1:0.8.7-1.

We recommend that you upgrade your libmodplug packages.

CPENameOperatorVersion
libmodplugeq1:0.8.4-1