Информационная безопасность
[RU] switch to English


Многочисленные переполнения буфера в libmikmod
дополнено с 8 февраля 2010 г.
Опубликовано:14 августа 2010 г.
Источник:
SecurityVulns ID:10594
Тип:библиотека
Уровень опасности:
5/10
Описание:Переполнения буфера при разборе форматов Impulse Tracker и Ultratracker.
Затронутые продукты:MIKMOD : libmikmod 3.1
CVE:CVE-2010-2546 (Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995.)
 CVE-2009-3996 (Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file.)
 CVE-2009-3995 (Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 2081-1] New libmikmod packages fix arbitrary code execution (14.08.2010)
 documentSECUNIA, Secunia Research: libmikmod Module Parsing Vulnerabilities (08.02.2010)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород