Vulnerability Details : CVE-2009-1438
Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.
Vulnerability category: OverflowExecute code
Products affected by CVE-2009-1438
- cpe:2.3:a:konstanty_bialkowski:libmodplug:*:*:*:*:*:*:*:*
- cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-1438
2.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-1438
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2009-1438
-
Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2009-1438
-
Red Hat 2009-04-28The impact of this flaw is limited to application crash, not allowing code execution. Red Hat does not consider a user-assisted crash of a client application such as media players using GStreamer framework to be a security issue. For further details, see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1438
References for CVE-2009-1438
-
http://www.vupen.com/english/advisories/2009/1104
Site en constructionPatch;Vendor Advisory
-
http://bugs.gentoo.org/show_bug.cgi?id=266913
266913 – (CVE-2009-1438) <media-libs/libmodplug-0.8.7, <gst-plugins-bad-0.10.10: Integer and buffer overflow (CVE-2009-{1438,1513})
-
http://security.gentoo.org/glsa/glsa-200907-07.xml
ModPlug: User-assisted execution of arbitrary code (GLSA 200907-07) — Gentoo security
-
http://www.debian.org/security/2009/dsa-1851
[SECURITY] [DSA 1851-1] New gst-plugins-bad0.10 packages fix arbitrary code execution
-
http://modplug-xmms.cvs.sourceforge.net/viewvc/modplug-xmms/libmodplug/src/load_med.cpp?r1=1.1&r2=1.2
-
http://www.openwall.com/lists/oss-security/2009/04/21/4
oss-security - CVE Request -- libmodplug
-
http://www.redhat.com/archives/fedora-package-announce/2009-April/msg00908.html
[SECURITY] Fedora 10 Update: libmodplug-0.8.7-1.fc10
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/50388
libmodplug CSoundFile::ReadMed() function buffer overflow CVE-2009-1438 Vulnerability Report
-
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2009:012 - openSUSE Security Announce - openSUSE Mailing Lists
-
http://www.ubuntu.com/usn/USN-771-1
USN-771-1: libmodplug vulnerabilities | Ubuntu security notices | Ubuntu
-
http://www.redhat.com/archives/fedora-package-announce/2009-April/msg00907.html
[SECURITY] Fedora 9 Update: libmodplug-0.8.7-1.fc9
-
http://sourceforge.net/project/shownotes.php?release_id=677065&group_id=1275
ModPlug for XMMS download | SourceForge.netPatch
-
https://bugzilla.redhat.com/show_bug.cgi?id=496834
496834 – (CVE-2009-1438) CVE-2009-1438: libmodplug: Integer overflow in the MED files loading routine
-
http://www.debian.org/security/2009/dsa-1850
[SECURITY] [DSA 1850-1] New libmodplug packages fix arbitrary code execution
-
http://www.mandriva.com/security/advisories?name=MDVSA-2009:128
Mandriva
-
http://www.securityfocus.com/bid/30801
Exploit;Patch
Jump to