Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2009-1438

Опубликовано: 25 фев. 2008
Источник: redhat

Описание

Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.

Отчет

The impact of this flaw is limited to application crash, not allowing code execution. Red Hat does not consider a user-assisted crash of a client application such as media players using GStreamer framework to be a security issue. For further details, see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1438

Ссылки на источники

Дополнительная информация

Дефект:
CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=496834libmodplug: Integer overflow in the MED files loading routine

Связанные уязвимости

ubuntu логотип

CVE-2009-1438

ubuntu
почти 17 лет назад

Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.

nvd логотип

CVE-2009-1438

nvd
почти 17 лет назад

Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.

debian логотип

CVE-2009-1438

debian
почти 17 лет назад

Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp ...

github логотип

GHSA-v7cc-2p5c-5943

github
почти 4 года назад

Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.

fstec логотип

BDU:2015-03306

fstec
около 11 лет назад

Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации