CVE-2010-2971

2010-08-0500:00:00

ubuntu.com

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.219

Percentile

96.5%

JSON

loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account
for the larger size of name##env relative to name##tick and name##node,
which allows remote attackers to trigger a buffer over-read and possibly
have unspecified other impact via a crafted Impulse Tracker file, a related
issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete
fix for CVE-2009-3995.

Bugs

Notes

Author	Note
mdeslaur	fixed by CVE-2010-2546.patch in 3.1.11-6.3

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchlibmikmod< 3.1.11-6ubuntu3.8.04.1UNKNOWN
ubuntu9.04noarchlibmikmod< 3.1.11-6ubuntu3.9.04.1UNKNOWN
ubuntu9.10noarchlibmikmod< 3.1.11-6ubuntu4.1UNKNOWN
ubuntu10.04noarchlibmikmod< 3.1.11-6.1ubuntu0.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	libmikmod	< 3.1.11-6ubuntu3.8.04.1	UNKNOWN
ubuntu	9.04	noarch	libmikmod	< 3.1.11-6ubuntu3.9.04.1	UNKNOWN
ubuntu	9.10	noarch	libmikmod	< 3.1.11-6ubuntu4.1	UNKNOWN
ubuntu	10.04	noarch	libmikmod	< 3.1.11-6.1ubuntu0.1	UNKNOWN