CVE-2011-2914
Priority
Medium
Description
Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms.cpp in
libmodplug before 0.8.8.4 allows remote attackers to cause a denial of
service (memory corruption) and possibly execute arbitrary code via a
crafted DSM file with a large number of samples.
libmodplug before 0.8.8.4 allows remote attackers to cause a denial of
service (memory corruption) and possibly execute arbitrary code via a
crafted DSM file with a large number of samples.
References
Assigned-to
mdeslaur
Package
| Upstream: | released (0.8.8.4) |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (1:0.8.7-1ubuntu0.3) |
| Ubuntu 11.04 (Natty Narwhal): | released (1:0.8.8.1-2ubuntu0.3) |
| Ubuntu 11.10 (Oneiric Ocelot): | released (1:0.8.8.2-3ubuntu1.1) |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (1:0.8.8.4-1) |
Patches:
| Upstream: | http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commitdiff;h=26243ab9fe1171f70053e9aec4b20e9f7de9e4ef |
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | not-affected (uses system libmodplug) |
| Ubuntu 11.04 (Natty Narwhal): | not-affected (uses system libmodplug) |
| Ubuntu 11.10 (Oneiric Ocelot): | not-affected (uses system libmodplug) |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (uses system libmodplug) |