Your submission was sent successfully! Close

CVE-2011-1761

Published: 5 May 2011

Multiple stack-based buffer overflows in the (1) abc_new_macro and (2) abc_new_umacro functions in src/load_abc.cpp in libmodplug before 0.8.8.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ABC file. NOTE: some of these details are obtained from third party information.

Priority

Medium

Status

Package Release Status
gst-plugins-bad0.10
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
hardy Ignored
(reached end-of-life)
lucid Not vulnerable
(uses system libmodplug)
maverick Not vulnerable
(uses system libmodplug)
natty Not vulnerable
(uses system libmodplug)
upstream Needs triage

libmodplug
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
hardy Ignored
(reached end-of-life)
lucid
Released (1:0.8.7-1ubuntu0.2)
maverick
Released (1:0.8.8.1-1ubuntu1.2)
natty
Released (1:0.8.8.1-2ubuntu0.2)
upstream
Released (0.8.8.3)

Notes

AuthorNote
mdeslaur
PoC: http://www.exploit-db.com/exploits/17222/
first commit listed causes regression when file starts with
a blank line, backing out.

References

Bugs