CVE-2009-1438

Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.

🔗 References (48)

• cve@mitrehttp://bugs.gentoo.org/show_bug.cgi?id=266913
• cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
• cve@mitrehttp://modplug-xmms.cvs.sourceforge.net/viewvc/modplug-xmms/libmodplug/src/load_med.cpp?r1=1.1&amp%3Br2=1.2
• cve@mitrehttp://osvdb.org/53801
• cve@mitrehttp://secunia.com/advisories/34797
• cve@mitrehttp://secunia.com/advisories/34930
• cve@mitrehttp://secunia.com/advisories/35026
• cve@mitrehttp://secunia.com/advisories/35685
• cve@mitrehttp://secunia.com/advisories/35736
• cve@mitrehttp://secunia.com/advisories/36158
• cve@mitrehttp://secunia.com/advisories/36183
• cve@mitrehttp://security.gentoo.org/glsa/glsa-200907-07.xml
• cve@mitrehttp://sourceforge.net/project/shownotes.php?release_id=677065&group_id=1275
• cve@mitrehttp://www.debian.org/security/2009/dsa-1850
• cve@mitrehttp://www.debian.org/security/2009/dsa-1851