CVE-2011-1761

Publication date 5 May 2011

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

Multiple stack-based buffer overflows in the (1) abc_new_macro and (2) abc_new_umacro functions in src/load_abc.cpp in libmodplug before 0.8.8.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ABC file. NOTE: some of these details are obtained from third party information.

Read the notes from the security team

Status

Package Ubuntu Release Status
gst-plugins-bad0.10 11.04 natty
Not affected
10.10 maverick
Not affected
10.04 LTS lucid
Not affected
8.04 LTS hardy Ignored end of life
6.06 LTS dapper Ignored end of life
libmodplug 11.04 natty
Fixed 1:0.8.8.1-2ubuntu0.2
10.10 maverick
Fixed 1:0.8.8.1-1ubuntu1.2
10.04 LTS lucid
Fixed 1:0.8.7-1ubuntu0.2
8.04 LTS hardy Ignored end of life
6.06 LTS dapper Ignored end of life

Notes

mdeslaur

PoC: http://www.exploit-db.com/exploits/17222/ first commit listed causes regression when file starts with a blank line, backing out.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
libmodplug

References

Related Ubuntu Security Notices (USN)

    • USN-1148-1
    • libmodplug vulnerabilities
    • 13 June 2011

Other references