CVE-2011-1761

Published: 5 May 2011

Multiple stack-based buffer overflows in the (1) abc_new_macro and (2) abc_new_umacro functions in src/load_abc.cpp in libmodplug before 0.8.8.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ABC file. NOTE: some of these details are obtained from third party information.

Notes

Author: mdeslaur
Note:
PoC: http://www.exploit-db.com/exploits/17222/
first commit listed causes regression when file starts with a blank line, backing out.

Priority

Medium

Status

Package: gst-plugins-bad0.10 (Launchpad, Ubuntu, Debian)
Release    Status
dapper     Ignored (end of life)
hardy      Ignored (end of life)
lucid      Not vulnerable (uses system libmodplug)
maverick   Not vulnerable (uses system libmodplug)
natty      Not vulnerable (uses system libmodplug)
upstream   Needs triage

Package: libmodplug (Launchpad, Ubuntu, Debian)
Release    Status
dapper     Ignored (end of life)
hardy      Ignored (end of life)
lucid      Released (1:0.8.7-1ubuntu0.2)
maverick   Released (1:0.8.8.1-1ubuntu1.2)
natty      Released (1:0.8.8.1-2ubuntu0.2)
upstream   Released (0.8.8.3)
Patches:
upstream: http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commit;h=9d8510456d27f15dbffd6b90d025b203bc765258
upstream: http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commit;h=d7c36959757fc6c8e4d487be8a72383093d9d26f
upstream: http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commit;h=5d437ad2f741c08fc3862cd4d5157492ead0fe84
upstream: http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commit;h=a13e067a82fa195b1732ad9fb8341c1b0f141bf5
upstream: http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commit;h=22aa681cd12f8547a8866112c7e443166115b701
upstream: http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commit;h=bd5363f31274d6e79b8ace5a94686c9ac6ef415b
upstream: http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commit;h=51f4b152060be23a4514da2a65c83e205bfb21ba
upstream: http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commit;h=56436fac0a37b1746dab594e4aefba9d2bb92e09
upstream: http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commit;h=ad305187322171eab3a66f4b5ce2a067b1580b3e
upstream: http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commit;h=497a27ba2555399d7aa243dbb51ca81e4e7a32cf
This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu.