Bug 1150 - CVE-2011-1574 libmodplug: ReadS3M stack overflow vulnerability
Summary: CVE-2011-1574 libmodplug: ReadS3M stack overflow vulnerability
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: i586 Linux
Priority: High critical
Target Milestone: ---
Assignee: Mageia Bug Squad
QA Contact:
URL: https://www.sec-consult.com/files/201...
Whiteboard:
Keywords:
Depends on:
Blocks: 908
  Show dependency treegraph
 
Reported: 2011-05-05 10:05 CEST by Jérôme Soyer
Modified: 2011-05-05 15:49 CEST (History)
1 user (show)

See Also:
Source RPM: libmodplug-0.8.8.1-1.mga1.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Jérôme Soyer 2011-05-05 10:05:08 CEST 
A stack-based buffer overflow vulnerability was discovered [1] in the way that
that libmodplug handled S3M media files.  If an attacker were able to coerce a
user into opening a malicious S3M media file with an application linked to
libmodplug, it could be possible to execute arbitrary code with the privileges
of the user running the application.

This has been corrected upstream [2] in 0.8.8.2

[1] https://www.sec-consult.com/files/20110407-0_libmodplug_stackoverflow.txt
[2]
http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commitdiff;h=aecef259828a89bb00c2e6f78e89de7363b2237b

src: From RH Bugzilla
Jérôme Soyer 2011-05-05 10:05:40 CEST

Priority: Normal => release_blocker
Depends on: (none) => 908

Jérôme Soyer 2011-05-05 10:39:12 CEST

Priority: release_blocker => High

Michael Scherer 2011-05-05 15:40:57 CEST

CC: (none) => misc
Blocks: (none) => 908
Depends on: 908 => (none)

Comment 1 Jérôme Soyer 2011-05-05 15:49:36 CEST 
fixed in package libmodplug-0.8.8.2-1.mga1

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.