Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в библиотеке libmodplug
Опубликовано:11 ноября 2011 г.
Источник:
SecurityVulns ID:12028
Тип:удаленная
Уровень опасности:
5/10
Описание:Повреждения памяти при разборе различных форматов файлов.
Затронутые продукты:LIBMODPLUG : libmodplug 0.8
CVE:CVE-2011-2915 (Off-by-one error in the CSoundFile::ReadAMS2 function in src/load_ams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted AMS file with a large number of instruments.)
 CVE-2011-2914 (Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted DSM file with a large number of samples.)
 CVE-2011-2913 (Off-by-one error in the CSoundFile::ReadAMS function in src/load_ams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (stack memory corruption) and possibly execute arbitrary code via a crafted AMS file with a large number of samples.)
 CVE-2011-2912 (Stack-based buffer overflow in the CSoundFile::ReadS3M function in src/load_s3m.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted S3M file with an invalid offset.)
 CVE-2011-2911 (Integer overflow in the CSoundFile::ReadWav function in src/load_wav.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted WAV file, which triggers a heap-based buffer overflow.)
Оригинальный текстdocumentUBUNTU, [USN-1255-1] libmodplug vulnerabilities (11.11.2011)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород