oss-sec mailing list archives
Re: CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3
From: Josh Bressers <bressers () redhat com>
Date: Fri, 12 Aug 2011 14:24:32 -0400 (EDT)
1) An integer overflow error exists within the "CSoundFile::ReadWav()" function (src/load_wav.cpp) when processing certain WAV files. This can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted WAV file.
CVE-2011-2911
2) Boundary errors within the "CSoundFile::ReadS3M()" function (src/load_s3m.cpp) when processing S3M files can be exploited to cause stack-based buffer overflows by tricking a user into opening a specially crafted S3M file.
CVE-2011-2912
3) An off-by-one error within the "CSoundFile::ReadAMS()" function (src/load_ams.cpp) can be exploited to cause a stack corruption by tricking a user into opening a specially crafted AMS file.
CVE-2011-2913
4) An off-by-one error within the "CSoundFile::ReadDSM()" function (src/load_dms.cpp) can be exploited to cause a memory corruption by tricking a user into opening a specially crafted DSM file.
CVE-2011-2914
5) An off-by-one error within the "CSoundFile::ReadAMS2()" function (src/load_ams.cpp) can be exploited to cause a memory corruption by tricking a user into opening a specially crafted AMS file.
CVE-2011-2915
I could have grouped the off-by-one flaws together, but I decided not to since you mention that old gstreamer-plugins contains embedded copies, which I suspect is also going to mean those will affect different things in different ways.
Thanks.
-- JB