19 matches found
Mandriva Security Advisory MDVSA-2009:128-1 (libmodplug)
The remote host is missing an update to libmodplug announced via advisory MDVSA-2009:128-1. OpenVAS Vulnerability Test $Id: mdksa20091281.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:128-1 libmodplug Authors: Thomas Reinke Copyright: Copyright c...
Mandriva Security Advisory MDVSA-2009:128-1 (libmodplug)
The remote host is missing an update to libmodplug announced via advisory MDVSA-2009:128-1. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...
openSUSE 10 Security Update : gstreamer010-plugins-bad (gstreamer010-plugins-bad-6251)
This update fixes a buffer overflow in libmodplug that can be exploited remotely to execute arbitrary code with the privileges of the process using the libaray. CVE-2009-1438 if !definedfunc"nasllevel" || nasllevel = 70000 && nasllevel = 70200 && nasllevel = 80000 && nasllevel 80502 exit0; C...
[SECURITY] [DSA 1851-1] New gst-plugins-bad0.10 packages fix arbitrary code execution
------------------------------------------------------------------------ Debian Security Advisory DSA-1851-1 [email protected] http://www.debian.org/security/ Steffen Joeris August 06, 2009 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1850-1] New libmodplug packages fix arbitrary code execution
------------------------------------------------------------------------ Debian Security Advisory DSA-1850-1 [email protected] http://www.debian.org/security/ Steffen Joeris August 04, 2009 http://www.debian.org/security/faq -...
DSA-1850-1 libmodplug - arbitrary code execution
Bulletin has no description...
Gentoo Security Advisory GLSA 200907-07 (libmodplug gst-plugins-bad)
The remote host is missing updates announced in advisory GLSA 200907-07. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
openSUSE Security Update : gstreamer-0_10-plugins-bad (gstreamer-0_10-plugins-bad-887)
This update fixes a buffer overflow in libmodplug that can be exploited remotely to execute arbitrary code with the privileges of the process using the libaray. CVE-2009-1438 if !definedfunc"nasllevel" || nasllevel = 70000 && nasllevel = 70200 && nasllevel = 80000 && nasllevel 80502 exit0; C...
GLSA-200907-07 : ModPlug: User-assisted execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200907-07 ModPlug: User-assisted execution of arbitrary code Two vulnerabilities have been reported in ModPlug: dummy reported an integer overflow in the CSoundFile::ReadMed function when processing a MED file with a crafted song...
Mandriva Linux Security Advisory : libmodplug (MDVSA-2009:128-1)
Multiple security vulnerabilities has been identified and fixed in libmodplug : Integer overflow in the CSoundFile::ReadMed function src/loadmed.cpp in libmodplug before 0.8.6, as used in gstreamer-plugins and other products, allows context-dependent attackers to execute arbitrary code via a MED...
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : libmodplug vulnerabilities (USN-771-1)
It was discovered that libmodplug did not correctly handle certain parameters when parsing MED media files. If a user or automated system were tricked into opening a crafted MED file, an attacker could execute arbitrary code with privileges of the user invoking the program. CVE-2009-1438 Manfred...
USN-771-1: libmodplug vulnerabilities
It was discovered that libmodplug did not correctly handle certain parameters when parsing MED media files. If a user or automated system were tricked into opening a crafted MED file, an attacker could execute arbitrary code with privileges of the user invoking the program. CVE-2009-1438 Manfred...
[USN-771-1] libmodplug vulnerabilities
=========================================================== Ubuntu Security Notice USN-771-1 May 07, 2009 libmodplug vulnerabilities CVE-2009-1438, CVE-2009-1513 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS...
Fedora Core 10 FEDORA-2009-4068 (libmodplug)
The remote host is missing an update to libmodplug announced via advisory FEDORA-2009-4068. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by...
Fedora Core 9 FEDORA-2009-4064 (libmodplug)
The remote host is missing an update to libmodplug announced via advisory FEDORA-2009-4064. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by...
Security fix for the ALT Linux 6 package libmodplug version 0.8.7-alt1
May 1, 2009 Vladimir Lettiev 0.8.7-alt1 - NMU: 0.8.7 - Security fixes: + CVE-2009-1438 Closes: 19694 + PATinst Buffer Overflow Vulnerability Closes: 19824 - removed obosolete post,unldconfig...
Fedora 10 : libmodplug-0.8.7-1.fc10 (2009-4068)
Update to 0.8.7: http://sourceforge.net/project/shownotes.php?groupid=1275&releaseid= 675660 http://sourceforge.net/project/shownotes.php?groupid=1275&releaseid= 677065 http://sourceforge.net/project/shownotes.php?groupid=1275&releaseid= 678622 Note that Tenable Network Security has extracted the...
CVE-2009-1438
CVE-2009-1438 concerns an integer overflow in libmodplug’s MED file handling (CSoundFile::ReadMed in src/load_med.cpp) prior to version 0.8.6. The issue enables a heap-based buffer overflow when processing a crafted MED file, by exploiting a crafted song comment or song name, and is/was present i...
CVE-2009-1438
Integer overflow in the CSoundFile::ReadMed function src/loadmed.cpp in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted 1 song comment or 2 song name, which triggers a...