Lucene search

K
ubuntuUbuntuUSN-1148-1
HistoryJun 13, 2011 - 12:00 a.m.

libmodplug vulnerabilities

2011-06-1300:00:00
ubuntu.com
36

7.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.312 Low

EPSS

Percentile

97.0%

Releases

  • Ubuntu 11.04
  • Ubuntu 10.10
  • Ubuntu 10.04

Packages

  • libmodplug - Library for mod music based on ModPlug

Details

It was discovered that libmodplug did not correctly handle certain
malformed S3M media files. If a user or automated system were tricked into
opening a crafted S3M file, an attacker could cause a denial of service or
possibly execute arbitrary code with privileges of the user invoking the
program. (CVE-2011-1574)

It was discovered that libmodplug did not correctly handle certain
malformed ABC media files. If a user or automated system were tricked into
opening a crafted ABC file, an attacker could cause a denial of service or
possibly execute arbitrary code with privileges of the user invoking the
program. (CVE-2011-1761)

The default compiler options for affected releases should reduce the
vulnerability to a denial of service.

OSVersionArchitecturePackageVersionFilename
Ubuntu11.04noarchlibmodplug1< 1:0.8.8.1-2ubuntu0.2UNKNOWN
Ubuntu10.10noarchlibmodplug1< 1:0.8.8.1-1ubuntu1.2UNKNOWN
Ubuntu10.04noarchlibmodplug0c2< 1:0.8.7-1ubuntu0.2UNKNOWN

7.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.312 Low

EPSS

Percentile

97.0%