Playmidi playmidi.c File Name Overflow

2005-01-17T00:00:00
ID OSVDB:13049
Type osvdb
Reporter Erik Sjölund()
Modified 2005-01-17T00:00:00

Description

Vulnerability Description

A local overflow exists in Playmidi. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted file name, a malicious user can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Contact your vendor for an appropriate upgrade. An upgrade is required as there are no known workarounds.

Short Description

A local overflow exists in Playmidi. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted file name, a malicious user can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor URL: http://sourceforge.net/projects/playmidi/ Security Tracker: 1012957 Secunia Advisory ID:13828 Other Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:010 Other Advisory URL: http://www.debian.org/security/2005/dsa-641 Nessus Plugin ID:16219 Nessus Plugin ID:16181 ISS X-Force ID: 18933 CVE-2005-0020 Bugtraq ID: 12274