Bug 1150

Summary: CVE-2011-1574 libmodplug: ReadS3M stack overflow vulnerability
Product: Mageia Reporter: Jérôme Soyer <saispo>
Component: Security Assignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED FIXED QA Contact:
Severity: critical    
Priority: High CC: misc
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: https://www.sec-consult.com/files/20110407-0_libmodplug_stackoverflow.txt
Whiteboard:
Source RPM: libmodplug-0.8.8.1-1.mga1.src.rpm CVE:
Status comment:
Bug Depends on:    
Bug Blocks: 908    

Description Jérôme Soyer 2011-05-05 10:05:08 CEST
A stack-based buffer overflow vulnerability was discovered [1] in the way that
libmodplug handled S3M media files.  If an attacker were able to coerce a
user into opening a malicious S3M media file with an application linked to
libmodplug, it could be possible to execute arbitrary code with the privileges
of the user running the application.

This has been corrected upstream [2] in 0.8.8.2.

[1] https://www.sec-consult.com/files/20110407-0_libmodplug_stackoverflow.txt
[2] http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commitdiff;h=aecef259828a89bb00c2e6f78e89de7363b2237b

src: From RH Bugzilla
Jérôme Soyer 2011-05-05 10:05:40 CEST

Priority: Normal => release_blocker
Depends on: (none) => 908

Jérôme Soyer 2011-05-05 10:39:12 CEST

Priority: release_blocker => High

Michael Scherer 2011-05-05 15:40:57 CEST

CC: (none) => misc
Blocks: (none) => 908
Depends on: 908 => (none)

Comment 1 Jérôme Soyer 2011-05-05 15:49:36 CEST
Fixed in package libmodplug-0.8.8.2-1.mga1

Status: NEW => RESOLVED
Resolution: (none) => FIXED