Date: Fri, 12 Aug 2011 14:24:32 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE request: libmodplug: multiple
 vulnerabilities reported in <= 0.8.8.3

> 
> 1) An integer overflow error exists within the "CSoundFile::ReadWav()"
> function (src/load_wav.cpp) when processing certain WAV files. This can
> be exploited to cause a heap-based buffer overflow by tricking a user
> into opening a specially crafted WAV file.

CVE-2011-2911


> 
> 2) Boundary errors within the "CSoundFile::ReadS3M()" function
> (src/load_s3m.cpp) when processing S3M files can be exploited to cause
> stack-based buffer overflows by tricking a user into opening a specially
> crafted S3M file.

CVE-2011-2912


> 
> 3) An off-by-one error within the "CSoundFile::ReadAMS()" function
> (src/load_ams.cpp) can be exploited to cause a stack corruption by
> tricking a user into opening a specially crafted AMS file.

CVE-2011-2913


> 
> 4) An off-by-one error within the "CSoundFile::ReadDSM()" function
> (src/load_dms.cpp) can be exploited to cause a memory corruption by
> tricking a user into opening a specially crafted DSM file.

CVE-2011-2914


> 
> 5) An off-by-one error within the "CSoundFile::ReadAMS2()" function
> (src/load_ams.cpp) can be exploited to cause a memory corruption by
> tricking a user into opening a specially crafted AMS file.

CVE-2011-2915


I could have grouped the off-by-one flaws together, but I decided not to
since you mention that old gstreamer-plugins contains embedded copies,
which I suspect is also going to mean those will affect different things in
different ways.

Thanks.

-- 
    JB
