Launchpad.net

CVE 2009-1438

Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.

Related bugs and status

CVE-2009-1438 (Candidate) is related to these bugs:

Bug #375774: Fix vulnerabilities in libmodplug

Summary				In	Importance	Status
	375774	Fix vulnerabilities in libmodplug		The Dell Mini Project	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://bugs.gentoo.org...
CONFIRM: https://bugzilla.redha...
BID: 30801
OSVDB: 53801
SECUNIA: 34797
VUPEN: ADV-2009-1104
FEDORA: FEDORA-2009-4064
FEDORA: FEDORA-2009-4068
SECUNIA: 34930
UBUNTU: USN-771-1
SECUNIA: 35026
MLIST: [oss-security] 2009042...
MANDRIVA: MDVSA-2009:128
SUSE: SUSE-SR:2009:012
GENTOO: GLSA-200907-07
SECUNIA: 35685
SECUNIA: 35736
DEBIAN: DSA-1850
DEBIAN: DSA-1851
SECUNIA: 36158
SECUNIA: 36183
MISC: http://modplug-xmms.cv...
CONFIRM: http://sourceforge.net...
XF: libmodplug-csoundfiler...