Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3
From: Tomas Hoger <thoger () redhat com>
Date: Wed, 10 Aug 2011 20:26:46 +0200

On Wed, 10 Aug 2011 10:27:18 +0200 Thomas Biege wrote:

The 2nd issue seems to be CVE-2011-1574 other seem to be untracked.

...

2) Boundary errors within the "CSoundFile::ReadS3M()" function
(src/load_s3m.cpp) when processing S3M files can be exploited to cause
stack-based buffer overflows by tricking a user into opening a
specially crafted S3M file.

Any specific reason to believe these two are the same?  CVE-2011-1574
links:
http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commitdiff;h=aecef259828a89bb00c2e6f78e89de7363b2237b

while commit related to SA45131/2 seems to be this one:

[3]
http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commitdiff;h=f4e5295658fff000379caa122e75c9200205fe20

-- 
Tomas Hoger / Red Hat Security Response Team


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]