Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE request: libmodplug: multiple vulnerabilities reported in <=
From: Thomas Biege <thomas () suse de>
Date: Thu, 11 Aug 2011 10:26:36 +0200

Am Mittwoch, 10. August 2011, 20:26:46 schrieb Tomas Hoger:
On Wed, 10 Aug 2011 10:27:18 +0200 Thomas Biege wrote:

The 2nd issue seems to be CVE-2011-1574 other seem to be untracked.


2) Boundary errors within the "CSoundFile::ReadS3M()" function
(src/load_s3m.cpp) when processing S3M files can be exploited to cause
stack-based buffer overflows by tricking a user into opening a
specially crafted S3M file.

Any specific reason to believe these two are the same?  CVE-2011-1574

while commit related to SA45131/2 seems to be this one:


Then this one also needs a new CVE-ID.

Thanks for clarifying this,

Thomas Biege <thomas () suse de>, SUSE LINUX, Security Support & Auditing
SUSE LINUX GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imend├Ârffer, HRB 21284 (AG N├╝rnberg
  Wer aufhoert besser werden zu wollen, hoert auf gut zu sein.
                            -- Marie von Ebner-Eschenbach

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]