Date: Thu, 21 May 2009 18:55:21 -0400 (EDT)
From: "Steven M. Christey" <>
To:, Jan Lieskovsky <>
cc: "Steven M. Christey" <>,
        Konstanty <>
Subject: Re: CVE Request -- libmodplug

On Wed, 29 Apr 2009, Jan Lieskovsky wrote:

>   apologize for not sending these all at once, but noticed
>   the following one only today. There is another buffer
>   overflow (DoS) vulnerability in libmodplug -- this time
>   in PAT sample loader.

Name: CVE-2009-1513
Status: Candidate
Reference: CONFIRM:;a=commitdiff;h=c4ebb701be6ee9a296a44fdac5a20b7739ff0595
Reference: CONFIRM:
Reference: CONFIRM:
Reference: UBUNTU:USN-771-1
Reference: URL:
Reference: BID:34747
Reference: URL:
Reference: OSVDB:54109
Reference: URL:
Reference: SECUNIA:34927
Reference: URL:
Reference: SECUNIA:35026
Reference: URL:
Reference: VUPEN:ADV-2009-1200
Reference: URL:

Buffer overflow in the PATinst function in src/load_pat.cpp in
libmodplug before 0.8.7 allows user-assisted remote attackers to cause
a denial of service and possibly execute arbitrary code via a long
instrument name.
