Upstream information

CVE-2009-1438 at MITRE

Description

Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores (National Vulnerability Database)

Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial
SUSE Bugzilla entries: 496541 [RESOLVED / FIXED], 498828 [RESOLVED / DUPLICATE]

SUSE Security Advisories:

List of released packages

Product(s) / Fixed package version(s) / References

Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
  • gstreamer-plugins >= 0.8.1-8.10
  • gstreamer-plugins-default >= 0.8.1-8.10
  • gstreamer-plugins-devel >= 0.8.1-8.10
  • gstreamer-plugins-excess >= 0.8.1-8.10
  • gstreamer-plugins-extra >= 0.8.1-8.10
  References: sles9-nld.x86-64, sles9-nld.x86, YOU Patch Nr: 12420

openSUSE 11.0
  • gstreamer-0_10-plugins-bad >= 0.10.6-36.2
  • gstreamer-0_10-plugins-bad-devel >= 0.10.6-36.2
  • gstreamer-0_10-plugins-bad-doc >= 0.10.6-36.2
  • gstreamer-0_10-plugins-bad-lang >= 0.10.6-36.2
  • gstreamer-0_10-plugins-bad-debuginfo >= 0.10.6-36.2
  • gstreamer-0_10-plugins-bad-debugsource >= 0.10.6-36.2
  • libgstapp-0_10-0 >= 0.10.6-36.2

openSUSE 11.1
  • gstreamer-0_10-plugins-bad >= 0.10.8-6.6.1
  • gstreamer-0_10-plugins-bad-devel >= 0.10.8-6.6.1
  • gstreamer-0_10-plugins-bad-doc >= 0.10.8-6.6.1
  • gstreamer-0_10-plugins-bad-lang >= 0.10.8-6.6.1
  • gstreamer-0_10-plugins-bad-debuginfo >= 0.10.8-6.6.1
  • gstreamer-0_10-plugins-bad-debugsource >= 0.10.8-6.6.1
  • libgstapp-0_10-0 >= 0.10.8-6.6.1