oss-sec mailing list archives
Re: CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3
From: Thomas Biege <thomas () suse de>
Date: Thu, 11 Aug 2011 10:26:36 +0200
On Wednesday, 10 August 2011, 20:26:46, Tomas Hoger wrote:
> On Wed, 10 Aug 2011 10:27:18 +0200 Thomas Biege wrote:
>
> > The 2nd issue seems to be CVE-2011-1574 other seem to be untracked.
> ...
> > 2) Boundary errors within the "CSoundFile::ReadS3M()" function
> > (src/load_s3m.cpp) when processing S3M files can be exploited to cause
> > stack-based buffer overflows by tricking a user into opening a
> > specially crafted S3M file.
>
> Any specific reason to believe these two are the same? CVE-2011-1574
> links:
>   http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commitdiff;h=aecef259828a89bb00c2e6f78e89de7363b2237b
>
> while commit related to SA45131/2 seems to be this one:
> > [3] http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commitdiff;h=f4e5295658fff000379caa122e75c9200205fe20

Then this one also needs a new CVE-ID.

Thanks for clarifying this,
Thomas

--
Thomas Biege <thomas () suse de>, SUSE LINUX, Security Support & Auditing
SUSE LINUX GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284 (AG Nürnberg)
--
Whoever stops wanting to become better stops being good.
                            -- Marie von Ebner-Eschenbach