Lucene search

Veracode Vulnerability DatabaseVERACODE:44882

HistoryDec 28, 2023 - 10:50 a.m.

Buffer Overflow

2023-12-2810:50:52

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

libmikmod.so

buffer overflow

it_load

load_it.c

denial of service

6.9 Medium

AI Score

Confidence

High

0.219 Low

EPSS

Percentile

96.4%

JSON

libmikmod.so is vulnerable to Buffer Overflow. The vulnerability is due to the IT_Load function within load_it.c because there no proper validation or limits on the data being read from envelope data in tracker files, such as panpts, pitpts etc. This allows an attacker to craft Impulse Tracker files with specific data that can trigger a buffer overflow potentially leading to Denial of Service.

CPENameOperatorVersion
libmikmod.sole2.0.4.debug
libmikmod.sole2.0.4.debug

CPE	Name	Operator	Version
	libmikmod.so	le	2.0.4.debug
	libmikmod.so	le	2.0.4.debug

References

bugzilla.redhat.com/show_bug.cgi?id=614643

bugzilla.suse.com/show_bug.cgi?id=625547

github.com/sezero/mikmod/blob/4cfe57eede0ac618b2f6449d5ed0d11f61deee44/libmikmod/NEWS#L437

github.com/sezero/mikmod/commit/83995351f9151bf180777b11904e6ddd8af96f56