CVE-2009-3996

Publication date 18 December 2009

Last updated 24 July 2024

Ubuntu priority

Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
libmikmod	10.04 LTS lucid	Fixed 3.1.11-6.1ubuntu0.1
	9.10 karmic	Fixed 3.1.11-6ubuntu4.1
	9.04 jaunty	Fixed 3.1.11-6ubuntu3.9.04.1
	8.10 intrepid	Ignored end of life, was needs-triage
	8.04 LTS hardy	Fixed 3.1.11-6ubuntu3.8.04.1
	6.06 LTS dapper	Ignored end of life

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

fixed by CVE-2009-3995f.patch in 3.1.11-6.2

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-995-1
libMikMod vulnerabilities
29 September 2010

Other references

https://www.cve.org/CVERecord?id=CVE-2009-3996