Описание
Security update for libmikmod
This update for libmikmod fixes the following issues:
- CVE-2010-2546: Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995. (bsc#625547).
Список пакетов
SUSE Linux Enterprise Software Development Kit 11 SP4
Ссылки
- Link for SUSE-SU-2018:1471-1
- E-Mail link for SUSE-SU-2018:1471-1
- SUSE Security Ratings
- SUSE Bug 625547
- SUSE CVE CVE-2009-3995 page
- SUSE CVE CVE-2010-2546 page
Описание
Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information.
Затронутые продукты
Ссылки
- CVE-2009-3995
- SUSE Bug 577875
- SUSE Bug 625547
- SUSE Bug 752802
Описание
Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995.
Затронутые продукты
Ссылки
- CVE-2010-2546
- SUSE Bug 625547
- SUSE Bug 752802