Debian Bug report logs - #527076
libmodplug: CVE-2009-1438 integer overflow in CSoundFile::ReadMed()

version graph

Package: libmodplug; Maintainer for libmodplug is Zed Pobre <zed@debian.org>;

Reported by: Nico Golde <nion@debian.org>

Date: Tue, 5 May 2009 14:09:04 UTC

Severity: grave

Tags: patch, security

Merged with 526657

Found in version 1:0.8.4-5

Fixed in version libmodplug/1:0.8.7-1

Done: Zed Pobre <zed@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Zed Pobre <zed@debian.org>:
Bug#527076; Package libmodplug. (Tue, 05 May 2009 14:09:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Zed Pobre <zed@debian.org>. (Tue, 05 May 2009 14:09:06 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: libmodplug: CVE-2009-1438 integer overflow in CSoundFile::ReadMed()
Date: Tue, 5 May 2009 16:05:19 +0200
[Message part 1 (text/plain, inline)]
Source: libmodplug
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libmodplug.

CVE-2009-1438[0]:
| Integer overflow in the CSoundFile::ReadMed function
| (src/load_med.cpp) in libmodplug before 0.8.6, as used in
| gstreamer-plugins and other products, allows context-dependent
| attackers to execute arbitrary code via a MED file with a crafted (1)
| song comment or (2) song name, which triggers a heap-based buffer
| overflow.

The upstream patch is available on:
http://modplug-xmms.cvs.sourceforge.net/viewvc/modplug-xmms/libmodplug/src/load_med.cpp?r1=1.1&r2=1.2&view=patch

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1438
    http://security-tracker.debian.net/tracker/CVE-2009-1438

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]

Merged 526657 527076. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Tue, 05 May 2009 14:12:04 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 09 Jun 2009 07:42:22 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 24 21:59:05 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.