CVE-2009-1438

Basic Information

CVE State
PUBLISHED
Reserved Date
April 27, 2009
Published Date
April 27, 2009
Last Updated
August 07, 2024
Vendor
libmodplug
Product
libmodplug
Description
Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.

CVSS Scores

CVSS v2.0

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploit Status

Exploited in the Wild
Yes (2009-04-27 17:43:00 UTC)

Known Exploited Vulnerability Information

Source
CVE
Added Date
2009-04-27 17:43:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel