Veracode Vulnerability Database, VERACODE:44882
Dec 28, 2023 - 10:50 a.m.

Buffer Overflow

2023-12-28 10:50:52
Veracode Vulnerability Database (sca.analysiscenter.veracode.com)
Tags: libmikmod.so, buffer overflow, it_load, load_it.c, denial of service

CVSS2: 9.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score: 6.9 (Confidence: High)
EPSS: 0.219 (Percentile: 96.5%)

libmikmod.so is vulnerable to Buffer Overflow. The vulnerability is in the IT_Load function within load_it.c, which applies no proper validation or limits to the envelope data read from tracker files, such as panpts, pitpts, etc. This allows an attacker to craft Impulse Tracker files with specific data that can trigger a buffer overflow, potentially leading to Denial of Service.
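The kind of limit check the description says is missing, as an added example (not libmikmod's code and not part of the advisory). It uses a simplified, constructed layout of one count byte followed by 3-byte points; `ENV_MAX_POINTS`, `struct envelope` and `env_parse` are hypothetical names, and the capacity of 25 is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ENV_MAX_POINTS 25            /* assumed capacity of the fixed arrays */

struct envelope {                    /* hypothetical in-memory envelope */
    uint8_t  npts;
    int8_t   node[ENV_MAX_POINTS];
    uint16_t tick[ENV_MAX_POINTS];
};

/* Constructed sample inputs: count byte, then (value, tick lo, tick hi). */
static const uint8_t SAMPLE_OK[]   = { 2, 0x20, 0x00, 0x00, 0x40, 0x20, 0x01 };
static const uint8_t SAMPLE_OVER[] = { 200, 0x00 };  /* count exceeds capacity */

/* Returns 0 on success, -1 if the file-supplied count exceeds the array
 * capacity, -2 if the buffer is too short for the claimed points. */
int env_parse(const uint8_t *buf, size_t len, struct envelope *out)
{
    if (len < 1)
        return -2;
    size_t n = buf[0];               /* attacker-controlled point count */
    if (n > ENV_MAX_POINTS)          /* limit check before any array write */
        return -1;
    if (len - 1 < n * 3)             /* source buffer must hold n points */
        return -2;
    memset(out, 0, sizeof *out);
    out->npts = (uint8_t)n;
    for (size_t i = 0; i < n; i++) {
        const uint8_t *p = buf + 1 + i * 3;
        out->node[i] = (int8_t)p[0];
        out->tick[i] = (uint16_t)(p[1] | (p[2] << 8));  /* little-endian */
    }
    return 0;
}

int main(void)
{
    struct envelope e;
    printf("valid:     %d\n", env_parse(SAMPLE_OK, sizeof SAMPLE_OK, &e));
    printf("oversized: %d\n", env_parse(SAMPLE_OVER, sizeof SAMPLE_OVER, &e));
    printf("truncated: %d\n", env_parse(SAMPLE_OK, 3, &e));
    return 0;
}
```

Rejecting the file on an out-of-range count, rather than clamping it, keeps later loops that reuse the stored count within bounds as well.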
