Upstream information

CVE-2011-1761 at MITRE

Description

Multiple stack-based buffer overflows in the (1) abc_new_macro and (2) abc_new_umacro functions in src/load_abc.cpp in libmodplug before 0.8.8.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ABC file. NOTE: some of these details are obtained from third party information.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 6.8
Vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
SUSE Bugzilla entries: 691137 [RESOLVED / FIXED], 710726 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • libmodplug1 >= 0.8.8.4-13.69
Patchnames:
SUSE Linux Enterprise Desktop 12 GA libmodplug1
SUSE Linux Enterprise Desktop 12 SP1
  • libmodplug1 >= 0.8.8.4-13.69
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA libmodplug1
SUSE Linux Enterprise Desktop 12 SP2
  • libmodplug1 >= 0.8.8.4-13.69
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA libmodplug1
SUSE Linux Enterprise Desktop 12 SP3
  • libmodplug1 >= 0.8.8.4-13.69
Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA libmodplug1
SUSE Linux Enterprise Server 12
  • libmodplug1 >= 0.8.8.4-13.69
Patchnames:
SUSE Linux Enterprise Server 12 GA libmodplug1
SUSE Linux Enterprise Server 12 SP1
  • libmodplug1 >= 0.8.8.4-13.69
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA libmodplug1
SUSE Linux Enterprise Server 12 SP2
  • libmodplug1 >= 0.8.8.4-13.69
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA libmodplug1
SUSE Linux Enterprise Server 12 SP3
  • libmodplug1 >= 0.8.8.4-13.69
Patchnames:
SUSE Linux Enterprise Server 12 SP3 GA libmodplug1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • libmodplug1 >= 0.8.8.4-13.63
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA libmodplug1
SUSE Linux Enterprise Software Development Kit 12
  • libmodplug-devel >= 0.8.8.4-13.69
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA libmodplug-devel
SUSE Linux Enterprise Software Development Kit 12 SP1
  • libmodplug-devel >= 0.8.8.4-13.69
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA libmodplug-devel
SUSE Linux Enterprise Software Development Kit 12 SP2
  • libmodplug-devel >= 0.8.8.4-13.69
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA libmodplug-devel
SUSE Linux Enterprise Software Development Kit 12 SP3
  • libmodplug-devel >= 0.8.8.4-13.69
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP3 GA libmodplug-devel
openSUSE 11.3
  • libmodplug-debugsource >= 0.8.8.4-2.2.1
  • libmodplug0-debuginfo >= 0.8.8.4-2.2.1
  • libmodplug0-debuginfo-32bit >= 0.8.8.4-2.2.1
openSUSE 11.3
openSUSE 11.4
  • libmodplug-devel >= 0.8.8.4-2.2.1
  • libmodplug0 >= 0.8.8.4-2.2.1
  • libmodplug0-32bit >= 0.8.8.4-2.2.1
openSUSE 11.3
  • libmodplug-debugsource >= 0.8.8.3-2.3.1
  • libmodplug0-debuginfo >= 0.8.8.3-2.3.1
  • libmodplug0-debuginfo-32bit >= 0.8.8.3-2.3.1
openSUSE 11.3
  • libmodplug-devel >= 0.8.8.3-2.3.1
  • libmodplug0 >= 0.8.8.3-2.3.1
  • libmodplug0-32bit >= 0.8.8.3-2.3.1
openSUSE 11.4
  • libmodplug-devel >= 0.8.8.3-2.12.1
  • libmodplug0 >= 0.8.8.3-2.12.1
  • libmodplug0-32bit >= 0.8.8.3-2.12.1
openSUSE 11.4
  • libmodplug-debugsource >= 0.8.8.4-2.2.1
  • libmodplug-devel >= 0.8.8.4-2.2.1
  • libmodplug0 >= 0.8.8.4-2.2.1
  • libmodplug0-32bit >= 0.8.8.4-2.2.1
  • libmodplug0-debuginfo >= 0.8.8.4-2.2.1
  • libmodplug0-debuginfo-32bit >= 0.8.8.4-2.2.1
Patchnames:
libmodplug
openSUSE Leap 42.1
  • libmodplug1 >= 0.8.8.5-4.1
Patchnames:
openSUSE Leap 42.1 GA libmodplug1
openSUSE Leap 42.2
  • libmodplug1 >= 0.8.8.5-5.3
Patchnames:
openSUSE Leap 42.2 GA libmodplug1
openSUSE Leap 42.3
  • libmodplug1 >= 0.8.8.5-7.4
Patchnames:
openSUSE Leap 42.3 GA libmodplug1
openSUSE Tumbleweed
  • libmodplug-devel >= 0.8.8.5-4.9
  • libmodplug1 >= 0.8.8.5-4.9
  • libmodplug1-32bit >= 0.8.8.5-4.9
Patchnames:
openSUSE Tumbleweed GA libmodplug-devel