oss-sec mailing list archives
Re: CVE Request -- libmodplug
From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 21 May 2009 18:55:21 -0400 (EDT)
On Wed, 29 Apr 2009, Jan Lieskovsky wrote:
> apologize for not sending these all at once, but noticed the following one only today. There is another buffer overflow (DoS) vulnerability in libmodplug -- this time in the PAT sample loader.
======================================================
Name: CVE-2009-1513
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1513
Reference: CONFIRM:http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms;a=commitdiff;h=c4ebb701be6ee9a296a44fdac5a20b7739ff0595
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=678622&group_id=1275
Reference: CONFIRM:http://sourceforge.net/tracker/?func=detail&aid=2777467&group_id=1275&atid=301275
Reference: UBUNTU:USN-771-1
Reference: URL:http://www.ubuntu.com/usn/USN-771-1
Reference: BID:34747
Reference: URL:http://www.securityfocus.com/bid/34747
Reference: OSVDB:54109
Reference: URL:http://osvdb.org/54109
Reference: SECUNIA:34927
Reference: URL:http://secunia.com/advisories/34927
Reference: SECUNIA:35026
Reference: URL:http://secunia.com/advisories/35026
Reference: VUPEN:ADV-2009-1200
Reference: URL:http://www.vupen.com/english/advisories/2009/1200

Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before 0.8.7 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long instrument name.