CVE-2011-1574

Published: 9 May 2011

Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in libmodplug before 0.8.8.2 allows remote attackers to execute arbitrary code via a crafted S3M file.

Priority

Status

Package	Release	Status
gst-plugins-bad0.10 Launchpad, Ubuntu, Debian	dapper	Ignored (reached end-of-life)
	hardy	Ignored (reached end-of-life)
	lucid	Not vulnerable (uses system libmodplug)
	maverick	Not vulnerable (uses system libmodplug)
	natty	Not vulnerable (uses system libmodplug)
	upstream	Needs triage
libmodplug Launchpad, Ubuntu, Debian	dapper	Ignored (reached end-of-life)
	hardy	Ignored (reached end-of-life)
	lucid	Released (1:0.8.7-1ubuntu0.2)
	maverick	Released (1:0.8.8.1-1ubuntu1.2)
	natty	Released (1:0.8.8.1-2ubuntu0.2)
	upstream	Released (0.8.8.2)

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1574
http://seclists.org/fulldisclosure/2011/Apr/113
https://ubuntu.com/security/notices/USN-1148-1
NVD
Launchpad
Debian

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1574
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622091

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›