Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-1850-1
HistoryAug 04, 2009 - 12:00 a.m.

libmodplug - arbitrary code execution

2009-08-0400:00:00
Google
osv.dev
3

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.055 Low

EPSS

Percentile

92.1%

JSON

Several vulnerabilities have been discovered in libmodplug, the shared
libraries for mod music based on ModPlug. The Common Vulnerabilities and
Exposures project identifies the following problems:

  • CVE-2009-1438
    It was discovered that libmodplug is prone to an integer overflow when
    processing a MED file with a crafted song comment or song name.
  • CVE-2009-1513
    It was discovered that libmodplug is prone to a buffer overflow in the
    PATinst function, when processing a long instrument name.

For the oldstable distribution (etch), these problems have been fixed in
version 1:0.7-5.2+etch1.

For the stable distribution (lenny), these problems have been fixed in
version 1:0.8.4-1+lenny1.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 1:0.8.7-1.

We recommend that you upgrade your libmodplug packages.

CPENameOperatorVersion
libmodplugeq1:0.8.4-1

Related

openvas 18
debian 2
securityvulns 2
gentoo 1
nessus 10
ubuntu 1
prion 2
ubuntucve 2
cve 2
debiancve 2
fedora 2
altlinux 1
openvas
openvas
Mandriva Security Advisory MDVSA-2009:128-1 (libmodplug)
2009-12-10 00:00:00
Debian: Security Advisory (DSA-1850-1)
2009-08-17 00:00:00
Gentoo Security Advisory GLSA 200907-07 (libmodplug gst-plugins-bad)
2009-07-29 00:00:00
debian
debian
[SECURITY] [DSA 1850-1] New libmodplug packages fix arbitrary code execution
2009-08-04 08:57:58
[SECURITY] [DSA 1851-1] New gst-plugins-bad0.10 packages fix arbitrary code execution
2009-08-06 08:28:57
securityvulns
securityvulns
[USN-771-1] libmodplug vulnerabilities
2009-05-07 00:00:00
libmodplug library multiple security vulnerabilities
2009-05-07 00:00:00
gentoo
gentoo
ModPlug: User-assisted execution of arbitrary code
2009-07-12 00:00:00
nessus
nessus
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : libmodplug vulnerabilities (USN-771-1)
2009-05-08 00:00:00
Mandriva Linux Security Advisory : libmodplug (MDVSA-2009:128-1)
2009-06-05 00:00:00
Debian DSA-1850-1 : libmodplug - several vulnerabilities
2010-02-24 00:00:00
ubuntu
ubuntu
libmodplug vulnerabilities
2009-05-07 00:00:00
prion
prion
Buffer overflow
2009-05-04 16:30:00
Integer overflow
2009-04-27 18:00:00
ubuntucve
ubuntucve
CVE-2009-1513
2009-05-04 00:00:00
CVE-2009-1438
2009-04-27 00:00:00
cve
cve
CVE-2009-1513
2009-05-04 16:30:00
CVE-2009-1438
2009-04-27 18:00:00
debiancve
debiancve
CVE-2009-1438
2009-04-27 18:00:00
CVE-2009-1513
2009-05-04 16:30:00
fedora
fedora
[SECURITY] Fedora 10 Update: libmodplug-0.8.7-1.fc10
2009-04-28 01:19:34
[SECURITY] Fedora 9 Update: libmodplug-0.8.7-1.fc9
2009-04-28 01:19:14
altlinux
altlinux
Security fix for the ALT Linux 6 package libmodplug version 0.8.7-alt1
2009-05-01 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.055 Low

EPSS

Percentile

92.1%

JSON
Related for OSV:DSA-1850-1
openvas18debian2securityvulns2gentoo1nessus10ubuntu1prion2ubuntucve2cve2debiancve2fedora2altlinux1