[gstreamer-bugs] [Bug 385788] New: [SECURITY] buffer overflows in modplug
GStreamer (bugzilla.gnome.org)
bugzilla-daemon at bugzilla.gnome.org
Thu Dec 14 02:06:21 PST 2006
Do not reply to this via email (we are currently unable to handle email
responses and they get discarded). You can add comments to this bug at
http://bugzilla.gnome.org/show_bug.cgi?id=385788
GStreamer | gst-plugins-bad | Ver: HEAD CVS
Summary: [SECURITY] buffer overflows in modplug
Product: GStreamer
Version: HEAD CVS
Platform: Other
OS/Version: Linux
Status: NEW
Severity: blocker
Priority: Normal
Component: gst-plugins-bad
AssignedTo: gstreamer-bugs at lists.sourceforge.net
ReportedBy: wingo at pobox.com
QAContact: gstreamer-bugs at lists.sourceforge.net
GNOME version: Unspecified
GNOME milestone: Unspecified
>From http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4192:
"Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier
and libmodplug 0.8 and earlier allow user-assisted remote attackers to execute
arbitrary code via (1) long strings in ITP files used by the
CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted
modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as
demonstrated by crafted AMF files."
Fix seems to be to update our copy of libmodplug; better fix probably involves
not having that code in our CVS.
--
Configure bugmail: http://bugzilla.gnome.org/userprefs.cgi?tab=email
More information about the Gstreamer-bugs
mailing list