MDVSA-2009:128 -- Mandriva libmodplug
ID: oval:org.secpod.oval:def:300829 | Date: (C)2012-01-07 (M)2023-11-13 |
Class: PATCH | Family: unix |
Multiple security vulnerabilities have been identified and fixed in libmodplug: Integer overflow in the CSoundFile::ReadMed function in libmodplug before 0.8.6, as used in gstreamer-plugins and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted song comment or song name, which triggers a heap-based buffer overflow. Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before 0.8.7 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long instrument name. The updated packages have been patched to prevent this.
Platform: |
Mandriva Linux 2009.0 |
Mandriva Linux 2009.1 |
Mandriva Linux 2008.1 |