oss-sec mailing list archives

Re: CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3


From: Josh Bressers <bressers () redhat com>
Date: Fri, 12 Aug 2011 14:24:32 -0400 (EDT)


1) An integer overflow error exists within the "CSoundFile::ReadWav()"
function (src/load_wav.cpp) when processing certain WAV files. This can
be exploited to cause a heap-based buffer overflow by tricking a user
into opening a specially crafted WAV file.

CVE-2011-2911



2) Boundary errors within the "CSoundFile::ReadS3M()" function
(src/load_s3m.cpp) when processing S3M files can be exploited to cause
stack-based buffer overflows by tricking a user into opening a specially
crafted S3M file.

CVE-2011-2912



3) An off-by-one error within the "CSoundFile::ReadAMS()" function
(src/load_ams.cpp) can be exploited to cause a stack corruption by
tricking a user into opening a specially crafted AMS file.

CVE-2011-2913



4) An off-by-one error within the "CSoundFile::ReadDSM()" function
(src/load_dms.cpp) can be exploited to cause a memory corruption by
tricking a user into opening a specially crafted DSM file.

CVE-2011-2914



5) An off-by-one error within the "CSoundFile::ReadAMS2()" function
(src/load_ams.cpp) can be exploited to cause a memory corruption by
tricking a user into opening a specially crafted AMS file.

CVE-2011-2915


I could have grouped the off-by-one flaws together, but I decided not to
since you mention that old gstreamer-plugins contains embedded copies,
which I suspect is also going to mean those will affect different things in
different ways.

Thanks.

-- 
    JB

