6.8

CVE-2009-1513

Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before 0.8.7 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long instrument name.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.11% 0.894
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/35026
http://secunia.com/advisories/35736
http://secunia.com/advisories/36158
http://security.gentoo.org/glsa/glsa-200907-07.xml
http://www.debian.org/security/2009/dsa-1850
http://www.mandriva.com/security/advisories?name=MDVSA-2009:128
http://www.ubuntu.com/usn/USN-771-1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526084
http://modplug-xmms.cvs.sourceforge.net/viewvc/modplug-xmms/libmodplug/src/load_pat.cpp?r1=1.3&r2=1.4
http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms%3Ba=commitdiff%3Bh=c4ebb701be6ee9a296a44fdac5a20b7739ff0595
http://osvdb.org/54109
http://secunia.com/advisories/34927
Vendor Advisory
http://sourceforge.net/project/shownotes.php?release_id=678622&group_id=1275
Patch
http://sourceforge.net/tracker/?func=detail&aid=2777467&group_id=1275&atid=301275
Patch
http://www.openwall.com/lists/oss-security/2009/04/29/5
http://www.securityfocus.com/bid/34747
Patch
http://www.vupen.com/english/advisories/2009/1200
Patch
Vendor Advisory