National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2009-1438 Detail

Description

Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.

Source:  MITRE      Last Modified:  04/27/2009

Quick Info

CVE Dictionary Entry:
CVE-2009-1438
Original release date:
04/27/2009
Last revised:
08/16/2017
Source:
US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:
7.5 HIGH
Vector:
(AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore:
6.4
Exploitability Subscore:
10.0
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Low
Authentication:
Not required to exploit
Impact Type:
Provides unauthorized access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

Vendor Statements (disclaimer)

Official Statement from Red Hat (04/28/2009)

The impact of this flaw is limited to application crash, not allowing code execution. Red Hat does not consider a user-assisted crash of a client application such as media players using GStreamer framework to be a security issue. For further details, see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1438

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
http://bugs.gentoo.org/show_bug.cgi?id=266913 External Source CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=266913
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html External Source SUSE SUSE-SR:2009:012
http://modplug-xmms.cvs.sourceforge.net/viewvc/modplug-xmms/libmodplug/src/load_med.cpp?r1=1.1&r2=1.2 External Source MISC http://modplug-xmms.cvs.sourceforge.net/viewvc/modplug-xmms/libmodplug/src/load_med.cpp?r1=1.1&r2=1.2
http://security.gentoo.org/glsa/glsa-200907-07.xml External Source GENTOO GLSA-200907-07
http://sourceforge.net/project/shownotes.php?release_id=677065&group_id=1275 Patch External Source CONFIRM http://sourceforge.net/project/shownotes.php?release_id=677065&group_id=1275
http://www.debian.org/security/2009/dsa-1850 External Source DEBIAN DSA-1850
http://www.debian.org/security/2009/dsa-1851 External Source DEBIAN DSA-1851
http://www.mandriva.com/security/advisories?name=MDVSA-2009:128 External Source MANDRIVA MDVSA-2009:128
http://www.openwall.com/lists/oss-security/2009/04/21/4 External Source MLIST [oss-security] 20090421 CVE Request -- libmodplug
http://www.redhat.com/archives/fedora-package-announce/2009-April/msg00907.html External Source FEDORA FEDORA-2009-4064
http://www.redhat.com/archives/fedora-package-announce/2009-April/msg00908.html External Source FEDORA FEDORA-2009-4068
http://www.securityfocus.com/bid/30801 Exploit; Patch External Source BID 30801
http://www.ubuntu.com/usn/USN-771-1 External Source UBUNTU USN-771-1
http://www.vupen.com/english/advisories/2009/1104 Patch; Vendor Advisory External Source VUPEN ADV-2009-1104
https://bugzilla.redhat.com/show_bug.cgi?id=496834 External Source CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=496834
https://exchange.xforce.ibmcloud.com/vulnerabilities/50388 External Source XF libmodplug-csoundfilereadmed-bo(50388)

Technical Details

Vulnerability Type (View All)

Change History 3 change records found - show changes