openSUSE 10 Security Update : xmms-plugins (xmms-plugins-2101)

Specially crafted AMF files could potentially be used to exploit a heap based buffer overflow in libmodplug CVE-2006-4192. if !definedfunc"nasllevel" || nasllevel = 70000 && nasllevel = 70200 && nasllevel = 80000 && nasllevel 80502 exit0; C Tenable Network Security, Inc. The descriptive text and...

USN-521-1: libmodplug vulnerability

Luigi Auriemma discovered that libmodplug did not properly sanitize its input. A specially crafted AMF file could be used to exploit this situation to cause buffer overflows and possibly execute arbitrary code as the user...

Mandrake Linux Security Advisory : libmodplug (MDKSA-2007:001)

Multiple buffer overflows in MODPlug Tracker OpenMPT 1.17.02.43 and earlier and libmodplug 0.8 and earlier allow user-assisted remote attackers to execute arbitrary code via 1 long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Loadit.cpp and 2 crafted modules use...

MODPlug Tracker多个缓冲区溢出漏洞

MODPlug Tracker（也称为OpenMPT）允许用户在基于Windows的PC上创建音乐。 OpenMPT的ReadITProject函数没有过滤ITP文件中的文本字段，允许攻击者覆盖全局变量，执行恶意代码。请注意libmodplug中不支持ITP文件。 soundlib/Loadit.cpp中的漏洞代码： BOOL CSoundFile::ReadITProjectLPCBYTE lpStream, DWORD dwMemLength ... // Song name // name string length...

DEBIAN-CVE-2006-4192

Multiple buffer overflows in MODPlug Tracker OpenMPT 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via 1 long strings in ITP files used by the CSoundFile::ReadITProject functi...

CVE-2006-4192

Multiple buffer overflows in MODPlug Tracker OpenMPT 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via 1 long strings in ITP files used by the CSoundFile::ReadITProject functi...

CVE-2006-4192

Multiple buffer overflows in MODPlug Tracker OpenMPT 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via 1 long strings in ITP files used by the CSoundFile::ReadITProject functi...

CVE-2006-4192

CVE-2006-4192 is a buffer overflow vulnerability in libmodplug modules embedded in GStreamer (via MODPlug Tracker/OpenMPT usage) that could allow remote code execution when processing crafted ITProject/AMF files. Connected advisories (RHSA-2011:0477 and related OpenVAS/Nessus entries) describe an...

CVE-2006-4192

Multiple buffer overflows in MODPlug Tracker OpenMPT 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via 1 long strings in ITP files used by the CSoundFile::ReadITProject functi...

Stack and heap overflows in MODPlug Tracker/OpenMPT 1.17.02.43 and libmodplug 0.8

Luigi Auriemma Application: OpenMPT aka MODPlug Tracker http://modplug.sourceforge.net http://www.modplug.com libmodplug http://modplug-xmms.sourceforge.net Versions: OpenMPT = 1.17.02.43 and current SVN libmodplug = 0.8 and current CVS Platforms: Windows nix, BSD, XMMS plugin and others Bugs: A...