| Vulnerability Name: | CVE-2006-4192 (CCN-28305) | ||||||||||||||||
| Assigned: | 2006-08-09 | ||||||||||||||||
| Published: | 2006-08-09 | ||||||||||||||||
| Updated: | 2018-10-17 | ||||||||||||||||
| Summary: | Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files. | ||||||||||||||||
| CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||
| CVSS v2 Severity: | 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P) 3.8 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:UR)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:UR)
3.8 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:UR)
| ||||||||||||||||
| Vulnerability Type: | CWE-Other CWE-190 CWE-122 CWE-122 | ||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||
| References: | Source: CCN Type: Luigi Auriemma Advisory 09 Aug 2006 Stack and heap overflows in Modplug Tracker / OpenMPT 1.17.02.43 (SVN 157) Source: MISC Type: UNKNOWN http://aluigi.altervista.org/adv/mptho-adv.txt Source: CONFIRM Type: UNKNOWN http://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=bc2cdd57d549ab3ba59782e9b395d0cd683fd3ac Source: MITRE Type: CNA CVE-2006-4192 Source: CCN Type: OpenMPT Web site MODPlug Central Forum Index Source: CCN Type: RHSA-2011-0477 Important: gstreamer-plugins security update Source: CCN Type: SA21418 OpenMPT Buffer Overflow Vulnerabilities Source: SECUNIA Type: Vendor Advisory 21418 Source: SECUNIA Type: UNKNOWN 22080 Source: CCN Type: SA22658 libmodplug Buffer Overflow Vulnerabilities Source: SECUNIA Type: UNKNOWN 22658 Source: SECUNIA Type: UNKNOWN 23294 Source: SECUNIA Type: UNKNOWN 23555 Source: SECUNIA Type: UNKNOWN 26979 Source: GENTOO Type: UNKNOWN GLSA-200612-04 Source: SREASON Type: UNKNOWN 1397 Source: CCN Type: GLSA-200612-04 ModPlug: Multiple buffer overflows Source: MANDRIVA Type: UNKNOWN MDKSA-2007:001 Source: SUSE Type: UNKNOWN SUSE-SR:2006:023 Source: BUGTRAQ Type: UNKNOWN 20060809 Stack and heap overflows in MODPlug Tracker/OpenMPT 1.17.02.43 and libmodplug 0.8 Source: BID Type: UNKNOWN 19448 Source: CCN Type: BID-19448 OpenMPT Multiple Remote Code Execution Vulnerabilities Source: CCN Type: USN-521-1 libmodplug vulnerability Source: UBUNTU Type: UNKNOWN USN-521-1 Source: VUPEN Type: UNKNOWN ADV-2006-3231 Source: VUPEN Type: UNKNOWN ADV-2006-4310 Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/show_bug.cgi?id=497154 Source: XF Type: UNKNOWN openmpt-loadit-bo(28305) Source: XF Type: UNKNOWN openmpt-loadit-bo(28305) Source: XF Type: UNKNOWN openmpt-readsample-bo(28309) Source: REDHAT Type: UNKNOWN RHSA-2011:0477 Source: SUSE Type: SUSE-SR:2006:023 SUSE Security Summary Report | ||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||
| Vulnerability Name: | CVE-2006-4192 (CCN-28309) | ||||||||||||||||
| Assigned: | 2006-08-17 | ||||||||||||||||
| Published: | 2006-08-17 | ||||||||||||||||
| Updated: | 2018-10-17 | ||||||||||||||||
| Summary: | Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files. | ||||||||||||||||
| CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||
| CVSS v2 Severity: | 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P) 3.8 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:UR)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:UR)
3.8 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:UR)
| ||||||||||||||||
| Vulnerability Type: | CWE-Other CWE-190 CWE-122 CWE-122 | ||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||
| References: | Source: CCN Type: Luigi Auriemma Advisory 09 Aug 2006 Stack and heap overflows in Modplug Tracker / OpenMPT 1.17.02.43 (SVN 157) Source: MITRE Type: CNA CVE-2006-4192 Source: CCN Type: OpenMPT Web site MODPlug Central Forum Index Source: CCN Type: RHSA-2011-0477 Important: gstreamer-plugins security update Source: CCN Type: SA21418 OpenMPT Buffer Overflow Vulnerabilities Source: CCN Type: SA22658 libmodplug Buffer Overflow Vulnerabilities Source: CCN Type: SourceForge.net: Files ModPlug for XMMS, File Release Notes and Changelog, Release Name: 0.8.6 Source: CCN Type: GLSA-200612-04 ModPlug: Multiple buffer overflows Source: CCN Type: BID-19448 OpenMPT Multiple Remote Code Execution Vulnerabilities Source: CCN Type: USN-521-1 libmodplug vulnerability Source: XF Type: UNKNOWN openmpt-readsample-bo(28309) Source: SUSE Type: SUSE-SR:2006:023 SUSE Security Summary Report | ||||||||||||||||
| Vulnerable Configuration: | Configuration RedHat 1: Denotes that component is vulnerable | ||||||||||||||||
| Oval Definitions | |||||||||||||||||
| |||||||||||||||||
| BACK | |||||||||||||||||