PublicDateAtUSN: 2010-08-05
Candidate: CVE-2010-2546
PublicDate: 2010-08-05 13:22:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2546
 https://ubuntu.com/security/notices/USN-995-1
Description:
 Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod,
 possibly 3.1.12, might allow remote attackers to execute arbitrary code via
 (1) crafted samples or (2) crafted instrument definitions in an Impulse
 Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some
 of these details are obtained from third party information. NOTE: this
 vulnerability exists because of an incomplete fix for CVE-2009-3995.
Ubuntu-Description:
Notes:
 mdeslaur> fixed by CVE-2010-2546.patch in 3.1.11-6.3
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=614643
 http://sourceforge.net/tracker/?func=detail&aid=3033086&group_id=40531&atid=428227
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_libmikmod:
upstream_libmikmod: released (3.1.11-6.3)
dapper_libmikmod: ignored (reached end-of-life)
hardy_libmikmod: released (3.1.11-6ubuntu3.8.04.1)
jaunty_libmikmod: released (3.1.11-6ubuntu3.9.04.1)
karmic_libmikmod: released (3.1.11-6ubuntu4.1)
lucid_libmikmod: released (3.1.11-6.1ubuntu0.1)
devel_libmikmod: not-affected (3.1.11-6.3)