[Secure-testing-team] Re: libmodplug: CVE-2006-4192: buffer/heap
overflow -> arbitrary code execution as user
Loïc Minier
lool at dooz.org
Mon Jan 22 16:32:18 CET 2007
Hi,
I noticed you reported this CVE against libmodplug:
On Thu, Aug 17, 2006, Alec Berryman wrote:
> CVE-2006-4192: "Multiple buffer overflows in MODPlug Tracker (OpenMPT)
> 1.17.02.43 and earlier and libmodplug 0.8 and earlier allow
> user-assisted remote attackers to execute arbitrary code via (1) long
> strings in ITP files used by the CSoundFile::ReadITProject function in
> soundlib/Load_it.cpp and (2) crafted modules used by the
> CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated
> by crafted AMF files."
But gst-plugins-bad0.10 is affected as well. (I've filed a bug against
gst-plugins-bad0.10, but it didn't arrive yet.)
Could you please add gst-plugins-bad0.10 to the embedded-code-copies
file for libmodplug?
(Please Cc: me, I'm not on the list.)
Thanks,
--
Loïc Minier <lool at dooz.org>
More information about the Secure-testing-team
mailing list