libmodplug vulnerabilities

2009-05-0700:00:00

ubuntu.com

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.06

Percentile

93.5%

JSON

Releases

Ubuntu 9.04
Ubuntu 8.10
Ubuntu 8.04
Ubuntu 6.06

Packages

libmodplug -

Details

It was discovered that libmodplug did not correctly handle certain
parameters when parsing MED media files. If a user or automated system were
tricked into opening a crafted MED file, an attacker could execute
arbitrary code with privileges of the user invoking the program.
(CVE-2009-1438)

Manfred Tremmel and Stanislav Brabec discovered that libmodplug did not
correctly handle long instrument names when parsing PAT sample files. If a
user or automated system were tricked into opening a crafted PAT file, an
attacker could cause a denial of service or execute arbitrary code with
privileges of the user invoking the program. This issue only affected
Ubuntu 9.04. (CVE-2009-1513)

OSVersionArchitecturePackageVersionFilename
Ubuntu9.04noarchlibmodplug0c2< 1:0.8.4-3ubuntu1.1UNKNOWN
Ubuntu8.10noarchlibmodplug0c2< 1:0.7-7ubuntu0.8.10.1UNKNOWN
Ubuntu8.04noarchlibmodplug0c2< 1:0.7-7ubuntu0.8.04.1UNKNOWN
Ubuntu6.06noarchlibmodplug0c2< 1:0.7-5ubuntu0.6.06.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	9.04	noarch	libmodplug0c2	< 1:0.8.4-3ubuntu1.1	UNKNOWN
Ubuntu	8.10	noarch	libmodplug0c2	< 1:0.7-7ubuntu0.8.10.1	UNKNOWN
Ubuntu	8.04	noarch	libmodplug0c2	< 1:0.7-7ubuntu0.8.04.1	UNKNOWN
Ubuntu	6.06	noarch	libmodplug0c2	< 1:0.7-5ubuntu0.6.06.2	UNKNOWN