Lucene search
Ubuntu.comUB:CVE-2009-1438HistoryApr 27, 2009 - 12:00 a.m.
CVE-2009-1438
2009-04-2700:00:00
ubuntu.com
ubuntu.com
17
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.022
Percentile
89.5%
Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in
libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other
products, allows context-dependent attackers to execute arbitrary code via
a MED file with a crafted (1) song comment or (2) song name, which triggers
a heap-based buffer overflow, as exploited in the wild in August 2008.
Bugs
- <http://bugs.gentoo.org/show_bug.cgi?id=266913>
- <https://bugzilla.redhat.com/show_bug.cgi?id=496834>
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526657 (libmodplug)>
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=527075 (gst-plugins-bad0.10)>
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=527076 (libmodplug)>
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 6.06 | noarch | libmodplug | < 1:0.7-5ubuntu0.6.06.2 | UNKNOWN |
| ubuntu | 8.04 | noarch | libmodplug | < 1:0.7-7ubuntu0.8.04.1 | UNKNOWN |
| ubuntu | 8.10 | noarch | libmodplug | < 1:0.7-7ubuntu0.8.10.1 | UNKNOWN |
| ubuntu | 9.04 | noarch | libmodplug | < 1:0.8.4-3ubuntu1.1 | UNKNOWN |
Related
prion
prion
Integer overflow
2009-04-27 18:00:00
nvd
nvd
CVE-2009-1438
2009-04-27 18:00:00
debiancve
debiancve
CVE-2009-1438
2009-04-27 18:00:00
nessus
nessus
Fedora 9 : libmodplug-0.8.7-1.fc9 (2009-4064)
2009-04-28 00:00:00
openvas
openvas
Fedora Core 10 FEDORA-2009-4068 (libmodplug)
2009-05-05 00:00:00
Fedora Core 10 FEDORA-2009-4068 (libmodplug)
2009-05-05 00:00:00
Debian Security Advisory DSA 1851-1 (gst-plugins-bad0.10)
2009-08-17 00:00:00
securityvulns
securityvulns
libmodplug library multiple security vulnerabilities
2009-05-07 00:00:00
[USN-771-1] libmodplug vulnerabilities
2009-05-07 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: libmodplug-0.8.7-1.fc9
2009-04-28 01:19:14
[SECURITY] Fedora 10 Update: libmodplug-0.8.7-1.fc10
2009-04-28 01:19:34
altlinux
altlinux
Security fix for the ALT Linux 6 package libmodplug version 0.8.7-alt1
2009-05-01 00:00:00
cvelist
cvelist
CVE-2009-1438
2009-04-27 17:43:00
debian
debian
cve
cve
CVE-2009-1438
2009-04-27 18:00:00
osv
osv
libmodplug - arbitrary code execution
2009-08-04 00:00:00
ubuntu
ubuntu
libmodplug vulnerabilities
2009-05-07 00:00:00
gentoo
gentoo
ModPlug: User-assisted execution of arbitrary code
2009-07-12 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.022
Percentile
89.5%
Related for UB:CVE-2009-1438