CVE-2006-4192
Published: 16 August 2006
Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.
Notes
Author | Note |
---|---|
jdstrand | gst-plugins-bad0.10 fixed in Debian 0.10.3-3.1 |
Priority
Status
Package | Release | Status |
---|---|---|
gst-plugins-bad0.10 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
edgy |
Ignored
(end of life, was needed)
|
|
feisty |
Not vulnerable
(0.10.4-1ubuntu1)
|
|
gutsy |
Not vulnerable
(0.10.5-4ubuntu1)
|
|
hardy |
Not vulnerable
(0.10.5-4ubuntu1)
|
|
intrepid |
Not vulnerable
(0.10.5-4ubuntu1)
|
|
jaunty |
Not vulnerable
(0.10.5-4ubuntu1)
|
|
karmic |
Not vulnerable
(0.10.5-4ubuntu1)
|
|
upstream |
Needs triage
|
|
libmodplug Launchpad, Ubuntu, Debian |
dapper |
Released
(1:0.7-5ubuntu0.6.06.1)
|
edgy |
Released
(1:0.7-5ubuntu0.6.06.1)
|
|
feisty |
Not vulnerable
(1:0.7-5.2build1)
|
|
gutsy |
Not vulnerable
(1:0.7-5.2build1)
|
|
hardy |
Not vulnerable
(1:0.7-5.2build1)
|
|
intrepid |
Not vulnerable
(1:0.7-5.2build1)
|
|
jaunty |
Not vulnerable
(1:0.7-5.2build1)
|
|
karmic |
Not vulnerable
(1:0.7-5.2build1)
|
|
upstream |
Needs triage
|