CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
93.5%
It was discovered that libmodplug did not correctly handle certain
parameters when parsing MED media files. If a user or automated system were
tricked into opening a crafted MED file, an attacker could execute
arbitrary code with privileges of the user invoking the program.
(CVE-2009-1438)
Manfred Tremmel and Stanislav Brabec discovered that libmodplug did not
correctly handle long instrument names when parsing PAT sample files. If a
user or automated system were tricked into opening a crafted PAT file, an
attacker could cause a denial of service or execute arbitrary code with
privileges of the user invoking the program. This issue only affected
Ubuntu 9.04. (CVE-2009-1513)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 9.04 | noarch | libmodplug0c2 | < 1:0.8.4-3ubuntu1.1 | UNKNOWN |
Ubuntu | 8.10 | noarch | libmodplug0c2 | < 1:0.7-7ubuntu0.8.10.1 | UNKNOWN |
Ubuntu | 8.04 | noarch | libmodplug0c2 | < 1:0.7-7ubuntu0.8.04.1 | UNKNOWN |
Ubuntu | 6.06 | noarch | libmodplug0c2 | < 1:0.7-5ubuntu0.6.06.2 | UNKNOWN |