Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3
From: Josh Bressers <bressers () redhat com>
Date: Fri, 12 Aug 2011 14:24:32 -0400 (EDT)


1) An integer overflow error exists within the "CSoundFile::ReadWav()"
function (src/load_wav.cpp) when processing certain WAV files. This can
be exploited to cause a heap-based buffer overflow by tricking a user
into opening a specially crafted WAV file.

CVE-2011-2911



2) Boundary errors within the "CSoundFile::ReadS3M()" function
(src/load_s3m.cpp) when processing S3M files can be exploited to cause
stack-based buffer overflows by tricking a user into opening a specially
crafted S3M file.

CVE-2011-2912



3) An off-by-one error within the "CSoundFile::ReadAMS()" function
(src/load_ams.cpp) can be exploited to cause a stack corruption by
tricking a user into opening a specially crafted AMS file.

CVE-2011-2913



4) An off-by-one error within the "CSoundFile::ReadDSM()" function
(src/load_dms.cpp) can be exploited to cause a memory corruption by
tricking a user into opening a specially crafted DSM file.

CVE-2011-2914



5) An off-by-one error within the "CSoundFile::ReadAMS2()" function
(src/load_ams.cpp) can be exploited to cause a memory corruption by
tricking a user into opening a specially crafted AMS file.

CVE-2011-2915


I could have grouped the off-by-one flaws together, but I decided not to
since you mention that old gstreamer-plugins contains embedded copies,
which I suspect is also going to mean those will affect different things in
different ways.

Thanks.

-- 
    JB


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]