libmodplug: Fixed multiple vulnerabilities reported in <= 0.8.8.3 (important)
2011-08-24T21:08:24
ID OPENSUSE-SU-2011:0943-1 Type suse Reporter Suse Modified 2011-08-24T21:08:24
Description
This update of libmodplug0 fixes the following issues:
1) An integer overflow error exists within the
"CSoundFile::ReadWav()" function (src/load_wav.cpp) when
processing certain WAV files. This can be exploited to
cause a heap-based buffer overflow by tricking a user into
opening a specially crafted WAV file. (CVE-2011-2911)
2) Boundary errors within the "CSoundFile::ReadS3M()"
function (src/load_s3m.cpp) when processing S3M files can
be exploited to cause stack-based buffer overflows by
tricking a user into opening a specially crafted S3M file.
(CVE-2011-2912)
3) An off-by-one error within the "CSoundFile::ReadAMS()"
function (src/load_ams.cpp) can be exploited to cause a
stack corruption by tricking a user into opening a
specially crafted AMS file. (CVE-2011-2913)
4) An off-by-one error within the "CSoundFile::ReadDSM()"
function (src/load_dms.cpp) can be exploited to cause a
memory corruption by tricking a user into opening a
specially crafted DSM file. (CVE-2011-2914)
5) An off-by-one error within the "CSoundFile::ReadAMS2()"
function (src/load_ams.cpp) can be exploited to cause a
memory corruption by tricking a user into opening a
specially crafted AMS file. (CVE-2011-2915)
Also an overflow in the ABC loader was fixed.
(CVE-2011-1761)
{"bulletinFamily": "unix", "hash": "4475675193b6a9d55dfd555bb3a843ae7a984e2f81e86deb0d38270b7794d0ad", "id": "OPENSUSE-SU-2011:0943-1", "lastseen": "2016-09-04T11:29:41", "description": "This update of libmodplug0 fixes the following issues:\n\n 1) An integer overflow error exists within the\n "CSoundFile::ReadWav()" function (src/load_wav.cpp) when\n processing certain WAV files. This can be exploited to\n cause a heap-based buffer overflow by tricking a user into\n opening a specially crafted WAV file. (CVE-2011-2911)\n\n 2) Boundary errors within the "CSoundFile::ReadS3M()"\n function (src/load_s3m.cpp) when processing S3M files can\n be exploited to cause stack-based buffer overflows by\n tricking a user into opening a specially crafted S3M file.\n (CVE-2011-2912)\n\n\n 3) An off-by-one error within the "CSoundFile::ReadAMS()"\n function (src/load_ams.cpp) can be exploited to cause a\n stack corruption by tricking a user into opening a\n specially crafted AMS file. (CVE-2011-2913)\n\n 4) An off-by-one error within the "CSoundFile::ReadDSM()"\n function (src/load_dms.cpp) can be exploited to cause a\n memory corruption by tricking a user into opening a\n specially crafted DSM file. (CVE-2011-2914)\n\n 5) An off-by-one error within the "CSoundFile::ReadAMS2()"\n function (src/load_ams.cpp) can be exploited to cause a\n memory corruption by tricking a user into opening a\n specially crafted AMS file. (CVE-2011-2915)\n\n Also an overflow in the ABC loader was fixed.\n (CVE-2011-1761)\n\n", "objectVersion": "1.2", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-1761", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "viewCount": 1, "published": "2011-08-24T21:08:24", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00019.html", "references": ["https://bugzilla.novell.com/710726"], "reporter": "Suse", "edition": 1, "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "title": "libmodplug: Fixed multiple vulnerabilities reported in <= 0.8.8.3 (important)", "history": [], "modified": "2011-08-24T21:08:24", "enchantments": {"vulnersScore": 9.3}, "type": "suse", "affectedPackage": [{"arch": "x86_64", "packageFilename": "libmodplug-devel-0.8.8.4-2.2.1.x86_64.rpm", "OSVersion": "11.3", "operator": "lt", "packageName": "libmodplug-devel", "packageVersion": "0.8.8.4-2.2.1", "OS": "openSUSE"}, {"arch": "x86_64", "packageFilename": "libmodplug-devel-0.8.8.4-2.2.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "libmodplug-devel", "packageVersion": "0.8.8.4-2.2.1", "OS": "openSUSE"}, {"arch": "i586", "packageFilename": "libmodplug-devel-0.8.8.4-2.2.1.i586.rpm", "OSVersion": "11.3", "operator": "lt", "packageName": "libmodplug-devel", "packageVersion": "0.8.8.4-2.2.1", "OS": "openSUSE"}, {"arch": "x86_64", "packageFilename": "libmodplug0-0.8.8.4-2.2.1.x86_64.rpm", "OSVersion": "11.3", "operator": "lt", "packageName": "libmodplug0", "packageVersion": "0.8.8.4-2.2.1", "OS": "openSUSE"}, {"arch": "x86_64", "packageFilename": "libmodplug0-32bit-0.8.8.4-2.2.1.x86_64.rpm", "OSVersion": "11.3", "operator": "lt", "packageName": "libmodplug0-32bit", "packageVersion": "0.8.8.4-2.2.1", "OS": "openSUSE"}, {"arch": "i586", "packageFilename": "libmodplug0-0.8.8.4-2.2.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "libmodplug0", "packageVersion": "0.8.8.4-2.2.1", "OS": "openSUSE"}, {"arch": "i586", "packageFilename": "libmodplug0-0.8.8.4-2.2.1.i586.rpm", "OSVersion": "11.3", "operator": "lt", "packageName": "libmodplug0", "packageVersion": "0.8.8.4-2.2.1", "OS": "openSUSE"}, {"arch": "x86_64", "packageFilename": "libmodplug0-32bit-0.8.8.4-2.2.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "libmodplug0-32bit", "packageVersion": "0.8.8.4-2.2.1", "OS": "openSUSE"}, {"arch": "x86_64", "packageFilename": "libmodplug0-0.8.8.4-2.2.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "libmodplug0", "packageVersion": "0.8.8.4-2.2.1", "OS": "openSUSE"}, {"arch": "i586", "packageFilename": "libmodplug-devel-0.8.8.4-2.2.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "libmodplug-devel", "packageVersion": "0.8.8.4-2.2.1", "OS": "openSUSE"}]}
{"result": {"cve": [{"id": "CVE-2011-2913", "type": "cve", "title": "CVE-2011-2913", "description": "Off-by-one error in the CSoundFile::ReadAMS function in src/load_ams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (stack memory corruption) and possibly execute arbitrary code via a crafted AMS file with a large number of samples.", "published": "2012-06-07T15:55:04", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2913", "cvelist": ["CVE-2011-2913"], "lastseen": "2017-08-29T11:19:36"}, {"id": "CVE-2011-2912", "type": "cve", "title": "CVE-2011-2912", "description": "Stack-based buffer overflow in the CSoundFile::ReadS3M function in src/load_s3m.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted S3M file with an invalid offset.", "published": "2012-06-07T15:55:04", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2912", "cvelist": ["CVE-2011-2912"], "lastseen": "2017-08-29T11:19:36"}, {"id": "CVE-2011-1761", "type": "cve", "title": "CVE-2011-1761", "description": "Multiple stack-based buffer overflows in the (1) abc_new_macro and (2) abc_new_umacro functions in src/load_abc.cpp in libmodplug before 0.8.8.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ABC file. NOTE: some of these details are obtained from third party information.", "published": "2012-06-07T15:55:02", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1761", "cvelist": ["CVE-2011-1761"], "lastseen": "2016-09-03T15:17:36"}, {"id": "CVE-2011-2915", "type": "cve", "title": "CVE-2011-2915", "description": "Off-by-one error in the CSoundFile::ReadAMS2 function in src/load_ams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted AMS file with a large number of instruments.", "published": "2012-06-07T15:55:04", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2915", "cvelist": ["CVE-2011-2915"], "lastseen": "2017-08-29T11:19:36"}, {"id": "CVE-2011-2911", "type": "cve", "title": "CVE-2011-2911", "description": "Integer overflow in the CSoundFile::ReadWav function in src/load_wav.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted WAV file, which triggers a heap-based buffer overflow.", "published": "2012-06-07T15:55:04", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2911", "cvelist": ["CVE-2011-2911"], "lastseen": "2017-08-29T11:19:36"}, {"id": "CVE-2011-2914", "type": "cve", "title": "CVE-2011-2914", "description": "Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted DSM file with a large number of samples.", "published": "2012-06-07T15:55:04", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2914", "cvelist": ["CVE-2011-2914"], "lastseen": "2017-08-29T11:19:36"}], "nessus": [{"id": "CENTOS_RHSA-2011-1264.NASL", "type": "nessus", "title": "CentOS 4 : gstreamer-plugins (CESA-2011:1264)", "description": "Updated gstreamer-plugins packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe gstreamer-plugins packages contain plug-ins used by the GStreamer streaming-media framework to support a wide variety of media formats.\n\nAn integer overflow flaw, a boundary error, and multiple off-by-one flaws were found in various ModPlug music file format library (libmodplug) modules, embedded in GStreamer. An attacker could create specially crafted music files that, when played by a victim, would cause applications using GStreamer to crash or, potentially, execute arbitrary code. (CVE-2011-2911, CVE-2011-2912, CVE-2011-2913, CVE-2011-2914, CVE-2011-2915)\n\nAll users of gstreamer-plugins are advised to upgrade to these updated packages, which contain backported patches to correct these issues.\nAfter installing the update, all applications using GStreamer (such as Rhythmbox) must be restarted for the changes to take effect.", "published": "2011-09-09T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=56126", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "lastseen": "2017-10-29T13:35:30"}, {"id": "FEDORA_2011-10544.NASL", "type": "nessus", "title": "Fedora 15 : libmodplug-0.8.8.4-1.fc15 (2011-10544)", "description": "Update to upstream version 0.8.8.4.\n\nhttp://modplug-xmms.sourceforge.net/#news http://secunia.com/advisories/45131\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2011-08-17T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=55870", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "lastseen": "2017-10-29T13:33:40"}, {"id": "FEDORA_2011-10503.NASL", "type": "nessus", "title": "Fedora 14 : libmodplug-0.8.8.4-1.fc14 (2011-10503)", "description": "Update to upstream version 0.8.8.4.\n\nhttp://modplug-xmms.sourceforge.net/#news http://secunia.com/advisories/45131\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2011-08-17T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=55869", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "lastseen": "2018-07-13T06:26:07"}, {"id": "UBUNTU_USN-1255-1.NASL", "type": "nessus", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : libmodplug vulnerabilities (USN-1255-1)", "description": "Hossein Lotfi discovered that libmodplug did not correctly handle certain malformed media files. If a user or automated system were tricked into opening a crafted media file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. (CVE-2011-2911, CVE-2011-2912, CVE-2011-2913)\n\nIt was discovered that libmodplug did not correctly handle certain malformed media files. If a user or automated system were tricked into opening a crafted media file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. (CVE-2011-2914, CVE-2011-2915).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2011-11-10T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=56767", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "lastseen": "2017-10-29T13:40:18"}, {"id": "REDHAT-RHSA-2011-1264.NASL", "type": "nessus", "title": "RHEL 4 : gstreamer-plugins (RHSA-2011:1264)", "description": "Updated gstreamer-plugins packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe gstreamer-plugins packages contain plug-ins used by the GStreamer streaming-media framework to support a wide variety of media formats.\n\nAn integer overflow flaw, a boundary error, and multiple off-by-one flaws were found in various ModPlug music file format library (libmodplug) modules, embedded in GStreamer. An attacker could create specially crafted music files that, when played by a victim, would cause applications using GStreamer to crash or, potentially, execute arbitrary code. (CVE-2011-2911, CVE-2011-2912, CVE-2011-2913, CVE-2011-2914, CVE-2011-2915)\n\nAll users of gstreamer-plugins are advised to upgrade to these updated packages, which contain backported patches to correct these issues.\nAfter installing the update, all applications using GStreamer (such as Rhythmbox) must be restarted for the changes to take effect.", "published": "2011-09-07T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=56111", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "lastseen": "2017-10-29T13:42:38"}, {"id": "FEDORA_2011-10452.NASL", "type": "nessus", "title": "Fedora 16 : libmodplug-0.8.8.4-1.fc16 (2011-10452)", "description": "Update to upstream version 0.8.8.4.\n\nhttp://modplug-xmms.sourceforge.net/#news http://secunia.com/advisories/45131\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2011-08-23T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=55946", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "lastseen": "2017-10-29T13:37:30"}, {"id": "GENTOO_GLSA-201203-14.NASL", "type": "nessus", "title": "GLSA-201203-14 : Audacious Plugins: User-assisted execution of arbitrary code", "description": "The remote host is affected by the vulnerability described in GLSA-201203-14 (Audacious Plugins: User-assisted execution of arbitrary code)\n\n Multiple vulnerabilities have been found in Audacious Plugins:\n The 'CSoundFile::ReadWav()' function in load_wav.cpp contains an integer overflow which could cause a heap-based buffer overflow (CVE-2011-2911).\n The 'CSoundFile::ReadS3M()' function in load_s3m.cpp contains multiple boundary errors which could cause a stack-based buffer overflow (CVE-2011-2912).\n The 'CSoundFile::ReadAMS()' function in load_ams.cpp contains an off-by-one error which could cause memory corruption (CVE-2011-2913).\n The 'CSoundFile::ReadDSM()' function in load_dms.cpp contains an off-by-one error which could cause memory corruption (CVE-2011-2914).\n The 'CSoundFile::ReadAMS2()' function in load_ams.cpp contains an off-by-one error which could cause memory corruption (CVE-2011-2915).\n Impact :\n\n A remote attacker could entice a user to open a specially crafted media file, possibly resulting in execution of arbitrary code, or a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "published": "2012-03-19T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=58379", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "lastseen": "2018-07-12T17:53:43"}, {"id": "ORACLELINUX_ELSA-2011-1264.NASL", "type": "nessus", "title": "Oracle Linux 4 : gstreamer-plugins (ELSA-2011-1264)", "description": "From Red Hat Security Advisory 2011:1264 :\n\nUpdated gstreamer-plugins packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe gstreamer-plugins packages contain plug-ins used by the GStreamer streaming-media framework to support a wide variety of media formats.\n\nAn integer overflow flaw, a boundary error, and multiple off-by-one flaws were found in various ModPlug music file format library (libmodplug) modules, embedded in GStreamer. An attacker could create specially crafted music files that, when played by a victim, would cause applications using GStreamer to crash or, potentially, execute arbitrary code. (CVE-2011-2911, CVE-2011-2912, CVE-2011-2913, CVE-2011-2914, CVE-2011-2915)\n\nAll users of gstreamer-plugins are advised to upgrade to these updated packages, which contain backported patches to correct these issues.\nAfter installing the update, all applications using GStreamer (such as Rhythmbox) must be restarted for the changes to take effect.", "published": "2013-07-12T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=68345", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "lastseen": "2017-10-29T13:43:16"}, {"id": "FEDORA_2011-12370.NASL", "type": "nessus", "title": "Fedora 14 : audacious-plugins-2.4.5-4.fc14 (2011-12370)", "description": "Patch to use the system's libmodplug library.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2011-09-19T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=56224", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "lastseen": "2018-07-13T06:04:07"}, {"id": "SUSE_11_4_LIBMODPLUG-110816.NASL", "type": "nessus", "title": "openSUSE Security Update : libmodplug (openSUSE-SU-2011:0943-1)", "description": "This update of libmodplug0 fixes the following issues :\n\n1) An integer overflow error exists within the 'CSoundFile::ReadWav()' function (src/load_wav.cpp) when processing certain WAV files. This can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted WAV file. (CVE-2011-2911)\n\n2) Boundary errors within the 'CSoundFile::ReadS3M()' function (src/load_s3m.cpp) when processing S3M files can be exploited to cause stack-based buffer overflows by tricking a user into opening a specially crafted S3M file. (CVE-2011-2912)\n\n3) An off-by-one error within the 'CSoundFile::ReadAMS()' function (src/load_ams.cpp) can be exploited to cause a stack corruption by tricking a user into opening a specially crafted AMS file.\n(CVE-2011-2913)\n\n4) An off-by-one error within the 'CSoundFile::ReadDSM()' function (src/load_dms.cpp) can be exploited to cause a memory corruption by tricking a user into opening a specially crafted DSM file.\n(CVE-2011-2914)\n\n5) An off-by-one error within the 'CSoundFile::ReadAMS2()' function (src/load_ams.cpp) can be exploited to cause a memory corruption by tricking a user into opening a specially crafted AMS file.\n(CVE-2011-2915)\n\nAlso an overflow in the ABC loader was fixed. (CVE-2011-1761)", "published": "2014-06-13T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=75902", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-1761", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "lastseen": "2017-10-29T13:41:31"}], "openvas": [{"id": "OPENVAS:863809", "type": "openvas", "title": "Fedora Update for libmodplug FEDORA-2011-10452", "description": "Check for the Version of libmodplug", "published": "2012-03-19T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=863809", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "lastseen": "2018-01-06T13:07:22"}, {"id": "OPENVAS:1361412562310863809", "type": "openvas", "title": "Fedora Update for libmodplug FEDORA-2011-10452", "description": "Check for the Version of libmodplug", "published": "2012-03-19T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863809", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "lastseen": "2018-04-06T11:19:02"}, {"id": "OPENVAS:1361412562310880974", "type": "openvas", "title": "CentOS Update for gstreamer-plugins CESA-2011:1264 centos4 i386", "description": "Check for the Version of gstreamer-plugins", "published": "2011-09-12T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880974", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "lastseen": "2018-04-09T11:35:29"}, {"id": "OPENVAS:840800", "type": "openvas", "title": "Ubuntu Update for libmodplug USN-1255-1", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1255-1", "published": "2011-11-11T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=840800", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "lastseen": "2017-12-04T11:27:36"}, {"id": "OPENVAS:880974", "type": "openvas", "title": "CentOS Update for gstreamer-plugins CESA-2011:1264 centos4 i386", "description": "Check for the Version of gstreamer-plugins", "published": "2011-09-12T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=880974", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "lastseen": "2017-07-25T10:55:21"}, {"id": "OPENVAS:1361412562310870483", "type": "openvas", "title": "RedHat Update for gstreamer-plugins RHSA-2011:1264-01", "description": "Check for the Version of gstreamer-plugins", "published": "2011-09-12T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870483", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "lastseen": "2018-04-09T11:38:00"}, {"id": "OPENVAS:71300", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201203-14 (audacious-plugins)", "description": "The remote host is missing updates announced in\nadvisory GLSA 201203-14.", "published": "2012-04-30T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=71300", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "lastseen": "2017-07-24T12:50:36"}, {"id": "OPENVAS:870483", "type": "openvas", "title": "RedHat Update for gstreamer-plugins RHSA-2011:1264-01", "description": "Check for the Version of gstreamer-plugins", "published": "2011-09-12T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=870483", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "lastseen": "2017-07-27T10:55:31"}, {"id": "OPENVAS:1361412562310840800", "type": "openvas", "title": "Ubuntu Update for libmodplug USN-1255-1", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1255-1", "published": "2011-11-11T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840800", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "lastseen": "2018-04-30T14:15:03"}, {"id": "OPENVAS:881372", "type": "openvas", "title": "CentOS Update for gstreamer-plugins CESA-2011:1264 centos4 x86_64", "description": "Check for the Version of gstreamer-plugins", "published": "2012-07-30T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=881372", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "lastseen": "2018-01-02T10:56:38"}], "redhat": [{"id": "RHSA-2011:1264", "type": "redhat", "title": "(RHSA-2011:1264) Important: gstreamer-plugins security update", "description": "The gstreamer-plugins packages contain plug-ins used by the GStreamer\nstreaming-media framework to support a wide variety of media formats.\n\nAn integer overflow flaw, a boundary error, and multiple off-by-one flaws\nwere found in various ModPlug music file format library (libmodplug)\nmodules, embedded in GStreamer. An attacker could create specially-crafted\nmusic files that, when played by a victim, would cause applications using\nGStreamer to crash or, potentially, execute arbitrary code. (CVE-2011-2911,\nCVE-2011-2912, CVE-2011-2913, CVE-2011-2914, CVE-2011-2915)\n\nAll users of gstreamer-plugins are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues. After\ninstalling the update, all applications using GStreamer (such as Rhythmbox)\nmust be restarted for the changes to take effect.\n", "published": "2011-09-06T04:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2011:1264", "cvelist": ["CVE-2011-2911", "CVE-2011-2912", "CVE-2011-2913", "CVE-2011-2914", "CVE-2011-2915"], "lastseen": "2017-09-09T07:20:03"}], "centos": [{"id": "CESA-2011:1264", "type": "centos", "title": "gstreamer security update", "description": "**CentOS Errata and Security Advisory** CESA-2011:1264\n\n\nThe gstreamer-plugins packages contain plug-ins used by the GStreamer\nstreaming-media framework to support a wide variety of media formats.\n\nAn integer overflow flaw, a boundary error, and multiple off-by-one flaws\nwere found in various ModPlug music file format library (libmodplug)\nmodules, embedded in GStreamer. An attacker could create specially-crafted\nmusic files that, when played by a victim, would cause applications using\nGStreamer to crash or, potentially, execute arbitrary code. (CVE-2011-2911,\nCVE-2011-2912, CVE-2011-2913, CVE-2011-2914, CVE-2011-2915)\n\nAll users of gstreamer-plugins are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues. After\ninstalling the update, all applications using GStreamer (such as Rhythmbox)\nmust be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/017719.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/017720.html\n\n**Affected packages:**\ngstreamer-plugins\ngstreamer-plugins-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-1264.html", "published": "2011-09-08T13:33:02", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2011-September/017719.html", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "lastseen": "2017-10-12T14:45:11"}], "gentoo": [{"id": "GLSA-201203-14", "type": "gentoo", "title": "Audacious Plugins: User-assisted execution of arbitrary code", "description": "### Background\n\nPlugins for the Audacious music player.\n\n### Description\n\nMultiple vulnerabilities have been found in Audacious Plugins:\n\n * The \"CSoundFile::ReadWav()\" function in load_wav.cpp contains an integer overflow which could cause a heap-based buffer overflow (CVE-2011-2911). \n * The \"CSoundFile::ReadS3M()\" function in load_s3m.cpp contains multiple boundary errors which could cause a stack-based buffer overflow (CVE-2011-2912). \n * The \"CSoundFile::ReadAMS()\" function in load_ams.cpp contains an off-by-one error which could cause memory corruption (CVE-2011-2913). \n * The \"CSoundFile::ReadDSM()\" function in load_dms.cpp contains an off-by-one error which could cause memory corruption (CVE-2011-2914). \n * The \"CSoundFile::ReadAMS2()\" function in load_ams.cpp contains an off-by-one error which could cause memory corruption (CVE-2011-2915). \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted media file, possibly resulting in execution of arbitrary code, or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Audacious Plugins users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=media-plugins/audacious-plugins-3.1\"", "published": "2012-03-16T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/201203-14", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "lastseen": "2016-09-06T19:46:18"}, {"id": "GLSA-201203-16", "type": "gentoo", "title": "ModPlug: User-assisted execution of arbitrary code", "description": "### Background\n\nModPlug is a library for playing MOD-like music.\n\n### Description\n\nMultiple vulnerabilities have been found in ModPlug:\n\n * The ReadS3M method in load_s3m.cpp fails to validate user-supplied information, which could cause a stack-based buffer overflow (CVE-2011-1574). \n * The \"CSoundFile::ReadWav()\" function in load_wav.cpp contains an integer overflow which could cause a heap-based buffer overflow (CVE-2011-2911). \n * The \"CSoundFile::ReadS3M()\" function in load_s3m.cpp contains multiple boundary errors which could cause a stack-based buffer overflow (CVE-2011-2912). \n * The \"CSoundFile::ReadAMS()\" function in load_ams.cpp contains an off-by-one error which could cause memory corruption (CVE-2011-2913). \n * The \"CSoundFile::ReadDSM()\" function in load_dms.cpp contains an off-by-one error which could cause memory corruption (CVE-2011-2914). \n * The \"CSoundFile::ReadAMS2()\" function in load_ams.cpp contains an off-by-one error which could cause memory corruption (CVE-2011-2915). \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted media file, possibly resulting in execution of arbitrary code, or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll ModPlug users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/libmodplug-0.8.8.4\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since August 27, 2011. It is likely that your system is already no longer affected by this issue.", "published": "2012-03-16T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/201203-16", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-1574", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "lastseen": "2016-09-06T19:46:01"}], "oraclelinux": [{"id": "ELSA-2011-1264", "type": "oraclelinux", "title": "gstreamer-plugins security update", "description": "[0.8.5-1.0.1.EL.4]\n- Update release to address ULN up2date\n[0.8.5-1.EL.4]\n- Add patches for CVE-2011-2911, CVE-2011-2912, CVE-2011-2913, CVE-2011-2914\n and CVE-2011-2915\nRelated: rhbz #730997", "published": "2011-09-07T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2011-1264.html", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "lastseen": "2016-09-04T11:16:32"}], "ubuntu": [{"id": "USN-1255-1", "type": "ubuntu", "title": "libmodplug vulnerabilities", "description": "Hossein Lotfi discovered that libmodplug did not correctly handle certain malformed media files. If a user or automated system were tricked into opening a crafted media file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. (CVE-2011-2911, CVE-2011-2912, CVE-2011-2913)\n\nIt was discovered that libmodplug did not correctly handle certain malformed media files. If a user or automated system were tricked into opening a crafted media file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. (CVE-2011-2914, CVE-2011-2915)", "published": "2011-11-09T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/1255-1/", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "lastseen": "2018-03-29T18:17:46"}, {"id": "USN-1148-1", "type": "ubuntu", "title": "libmodplug vulnerabilities", "description": "It was discovered that libmodplug did not correctly handle certain malformed S3M media files. If a user or automated system were tricked into opening a crafted S3M file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. (CVE-2011-1574)\n\nIt was discovered that libmodplug did not correctly handle certain malformed ABC media files. If a user or automated system were tricked into opening a crafted ABC file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. (CVE-2011-1761)\n\nThe default compiler options for affected releases should reduce the vulnerability to a denial of service.", "published": "2011-06-13T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/1148-1/", "cvelist": ["CVE-2011-1574", "CVE-2011-1761"], "lastseen": "2018-03-29T18:21:02"}], "debian": [{"id": "DSA-2415", "type": "debian", "title": "libmodplug -- several vulnerabilities", "description": "Several vulnerabilities that can lead to the execution of arbitrary code have been discovered in libmodplug, a library for MOD music based on ModPlug. The Common Vulnerabilities and Exposures project identifies the following issues:\n\n * [CVE-2011-1761](<https://security-tracker.debian.org/tracker/CVE-2011-1761>)\n\nepiphant discovered that the abc file parser is vulnerable to several stack-based buffer overflows that potentially lead to the execution of arbitrary code.\n\n * [CVE-2011-2911](<https://security-tracker.debian.org/tracker/CVE-2011-2911>)\n\nHossein Lotfi of Secunia discovered that the CSoundFile::ReadWav function is vulnerable to an integer overflow which leads to a heap-based buffer overflow. An attacker can exploit this flaw to potentially execute arbitrary code by tricking a victim into opening crafted WAV files.\n\n * [CVE-2011-2912](<https://security-tracker.debian.org/tracker/CVE-2011-2912>)\n\nHossein Lotfi of Secunia discovered that the CSoundFile::ReadS3M function is vulnerable to a stack-based buffer overflow. An attacker can exploit this flaw to potentially execute arbitrary code by tricking a victim into opening crafted S3M files.\n\n * [CVE-2011-2913](<https://security-tracker.debian.org/tracker/CVE-2011-2913>)\n\nHossein Lotfi of Secunia discovered that the CSoundFile::ReadAMS function suffers from an off-by-one vulnerability that leads to memory corruption. An attacker can exploit this flaw to potentially execute arbitrary code by tricking a victim into opening crafted AMS files.\n\n * [CVE-2011-2914](<https://security-tracker.debian.org/tracker/CVE-2011-2914>)\n\nIt was discovered that the CSoundFile::ReadDSM function suffers from an off-by-one vulnerability that leads to memory corruption. An attacker can exploit this flaw to potentially execute arbitrary code by tricking a victim into opening crafted DSM files.\n\n * [CVE-2011-2915](<https://security-tracker.debian.org/tracker/CVE-2011-2915>)\n\nIt was discovered that the CSoundFile::ReadAMS2 function suffers from an off-by-one vulnerability that leads to memory corruption. An attacker can exploit this flaw to potentially execute arbitrary code by tricking a victim into opening crafted AMS files.\n\nFor the stable distribution (squeeze), this problem has been fixed in version 1:0.8.8.1-1+squeeze2.\n\nFor the testing (wheezy) and unstable (sid) distributions, this problem has been fixed in version 1:0.8.8.4-1.\n\nWe recommend that you upgrade your libmodplug packages.", "published": "2012-02-21T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-2415", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-1761", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "lastseen": "2016-09-02T18:31:18"}], "exploitdb": [{"id": "EDB-ID:17222", "type": "exploitdb", "title": "libmodplug <= 0.8.8.2 - .abc Stack-Based Buffer Overflow PoC", "description": "libmodplug <= 0.8.8.2 - (.abc) Stack-Based Buffer Overflow PoC. CVE-2011-1761. Dos exploit for linux platform", "published": "2011-04-28T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/17222/", "cvelist": ["CVE-2011-1761"], "lastseen": "2016-02-02T07:27:45"}]}}
