CVE-2009-1438

Priority
Description
Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in
libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other
products, allows context-dependent attackers to execute arbitrary code via
a MED file with a crafted (1) song comment or (2) song name, which triggers
a heap-based buffer overflow, as exploited in the wild in August 2008.
Assigned-to
mdeslaur
Notes
Package
Upstream: needs-triage
More Information

Updated: 2020-09-10 01:20:14 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)