Upstream information

CVE-2011-1761 at MITRE

Description

Multiple stack-based buffer overflows in the (1) abc_new_macro and (2) abc_new_umacro functions in src/load_abc.cpp in libmodplug before 0.8.8.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ABC file. NOTE: some of these details are obtained from third party information.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 6.8
Vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
SUSE Bugzilla entries: 691137 [RESOLVED / FIXED], 710726 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12 SP1
  • libmodplug-devel >= 0.8.8.4-13.69
  • libmodplug1 >= 0.8.8.4-13.69
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA libmodplug1-0.8.8.4-13.69
SUSE Linux Enterprise Software Development Kit 12 SP1 GA libmodplug-devel-0.8.8.4-13.69
SUSE Linux Enterprise Desktop 12 SP2
  • libmodplug-devel >= 0.8.8.4-13.69
  • libmodplug1 >= 0.8.8.4-13.69
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA libmodplug1-0.8.8.4-13.69
SUSE Linux Enterprise Software Development Kit 12 SP2 GA libmodplug-devel-0.8.8.4-13.63
SUSE Linux Enterprise Desktop 12 SP3
  • libmodplug-devel >= 0.8.8.4-13.69
  • libmodplug1 >= 0.8.8.4-13.69
Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA libmodplug1-0.8.8.4-13.69
SUSE Linux Enterprise Software Development Kit 12 SP3 GA libmodplug-devel-0.8.8.4-13.63
SUSE Linux Enterprise Desktop 12 SP4
  • libmodplug-devel >= 0.8.9.0+git20170610.f6dd59a-15.4.1
  • libmodplug1 >= 0.8.9.0+git20170610.f6dd59a-15.4.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP4 GA libmodplug1-0.8.9.0+git20170610.f6dd59a-15.4.1
SUSE Linux Enterprise Software Development Kit 12 SP4 GA libmodplug-devel-0.8.9.0+git20170610.f6dd59a-15.4.1
SUSE Linux Enterprise Desktop 12
  • libmodplug-devel >= 0.8.8.4-13.69
  • libmodplug1 >= 0.8.8.4-13.69
Patchnames:
SUSE Linux Enterprise Desktop 12 GA libmodplug1-0.8.8.4-13.69
SUSE Linux Enterprise Software Development Kit 12 GA libmodplug-devel-0.8.8.4-13.69
SUSE Linux Enterprise High Performance Computing 12 SP5
  • libmodplug1 >= 0.8.9.0+git20170610.f6dd59a-15.4.1
Patchnames:
SUSE Linux Enterprise High Performance Computing 12 SP5 GA libmodplug1-0.8.9.0+git20170610.f6dd59a-15.4.1
SUSE Linux Enterprise Server 12 SP1
  • libmodplug-devel >= 0.8.8.4-13.69
  • libmodplug1 >= 0.8.8.4-13.69
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA libmodplug1-0.8.8.4-13.69
SUSE Linux Enterprise Software Development Kit 12 SP1 GA libmodplug-devel-0.8.8.4-13.69
SUSE Linux Enterprise Server 12 SP2
  • libmodplug-devel >= 0.8.8.4-13.69
  • libmodplug1 >= 0.8.8.4-13.69
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA libmodplug1-0.8.8.4-13.63
SUSE Linux Enterprise Software Development Kit 12 SP2 GA libmodplug-devel-0.8.8.4-13.63
SUSE Linux Enterprise Server 12 SP3
  • libmodplug-devel >= 0.8.8.4-13.69
  • libmodplug1 >= 0.8.8.4-13.69
Patchnames:
SUSE Linux Enterprise Server 12 SP3 GA libmodplug1-0.8.8.4-13.63
SUSE Linux Enterprise Software Development Kit 12 SP3 GA libmodplug-devel-0.8.8.4-13.63
SUSE Linux Enterprise Server 12 SP4
  • libmodplug-devel >= 0.8.9.0+git20170610.f6dd59a-15.4.1
  • libmodplug1 >= 0.8.9.0+git20170610.f6dd59a-15.4.1
Patchnames:
SUSE Linux Enterprise Server 12 SP4 GA libmodplug1-0.8.9.0+git20170610.f6dd59a-15.4.1
SUSE Linux Enterprise Software Development Kit 12 SP4 GA libmodplug-devel-0.8.9.0+git20170610.f6dd59a-15.4.1
SUSE Linux Enterprise Server 12 SP5
  • libmodplug-devel >= 0.8.9.0+git20170610.f6dd59a-15.4.1
  • libmodplug1 >= 0.8.9.0+git20170610.f6dd59a-15.4.1
Patchnames:
SUSE Linux Enterprise Server 12 SP5 GA libmodplug1-0.8.9.0+git20170610.f6dd59a-15.4.1
SUSE Linux Enterprise Software Development Kit 12 SP5 GA libmodplug-devel-0.8.9.0+git20170610.f6dd59a-15.4.1
SUSE Linux Enterprise Server 12
  • libmodplug-devel >= 0.8.8.4-13.69
  • libmodplug1 >= 0.8.8.4-13.69
Patchnames:
SUSE Linux Enterprise Server 12 GA libmodplug1-0.8.8.4-13.63
SUSE Linux Enterprise Software Development Kit 12 GA libmodplug-devel-0.8.8.4-13.69
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • libmodplug1 >= 0.8.8.4-13.63
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA libmodplug1-0.8.8.4-13.63
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Software Development Kit 12 SP1
  • libmodplug-devel >= 0.8.8.4-13.69
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA libmodplug-devel-0.8.8.4-13.69
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP2
  • libmodplug-devel >= 0.8.8.4-13.69
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA libmodplug-devel-0.8.8.4-13.63
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Software Development Kit 12 SP3
  • libmodplug-devel >= 0.8.8.4-13.69
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP3 GA libmodplug-devel-0.8.8.4-13.63
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Software Development Kit 12 SP4
  • libmodplug-devel >= 0.8.9.0+git20170610.f6dd59a-15.4.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP4 GA libmodplug-devel-0.8.9.0+git20170610.f6dd59a-15.4.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP5
  • libmodplug-devel >= 0.8.9.0+git20170610.f6dd59a-15.4.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP5 GA libmodplug-devel-0.8.9.0+git20170610.f6dd59a-15.4.1
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Software Development Kit 12
  • libmodplug-devel >= 0.8.8.4-13.69
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA libmodplug-devel-0.8.8.4-13.69
openSUSE Tumbleweed
  • libmodplug-devel >= 0.8.8.5-4.9
  • libmodplug1 >= 0.8.8.5-4.9
  • libmodplug1-32bit >= 0.8.8.5-4.9
Patchnames:
openSUSE Tumbleweed GA libmodplug-devel-0.8.8.5-4.9


SUSE Timeline for this CVE

CVE page created: Fri Jun 28 07:57:24 2013
CVE page last modified: Fri Dec 8 16:48:40 2023