Description
Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.
| Release | Status | Note |
|---|---|---|
| dapper | ignored | end of life |
| devel | not-affected | uses system libmodplug |
| hardy | ignored | end of life |
| intrepid | ignored | end of life, was needs-triage |
| jaunty | not-affected | uses system libmodplug |
| karmic | not-affected | uses system libmodplug |
| lucid | not-affected | uses system libmodplug |
| maverick | not-affected | uses system libmodplug |
| natty | not-affected | uses system libmodplug |
| oneiric | not-affected | uses system libmodplug |
| Release | Status | Note |
|---|---|---|
| dapper | released | 1:0.7-5ubuntu0.6.06.2 |
| devel | not-affected | 1:0.8.7-1 |
| hardy | released | 1:0.7-7ubuntu0.8.04.1 |
| intrepid | released | 1:0.7-7ubuntu0.8.10.1 |
| jaunty | released | 1:0.8.4-3ubuntu1.1 |
| karmic | not-affected | 1:0.8.7-1 |
| lucid | not-affected | 1:0.8.7-1 |
| maverick | not-affected | 1:0.8.7-1 |
| natty | not-affected | 1:0.8.7-1 |
| oneiric | not-affected | 1:0.8.7-1 |
EPSS
CVSS2: 7.5 High
Related vulnerabilities
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to violate the confidentiality, integrity, and availability of protected information