Vulnerability Name:

CVE-2009-1438 (CCN-50388)

Assigned:2008-02-25
Published:2008-02-25
Updated:2017-08-17
Summary:Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-189
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Gentoo Bugzilla Bug 266913
media-libs/libmodplug-0.8.7, < gst-plugins-bad-0.10.10: Integer and buffer overflow (CVE-2009-{1438,1513})

Source: CONFIRM
Type: UNKNOWN
http://bugs.gentoo.org/show_bug.cgi?id=266913

Source: MITRE
Type: CNA
CVE-2009-1438

Source: SUSE
Type: UNKNOWN
SUSE-SR:2009:012

Source: MISC
Type: UNKNOWN
http://modplug-xmms.cvs.sourceforge.net/viewvc/modplug-xmms/libmodplug/src/load_med.cpp?r1=1.1&r2=1.2

Source: CCN
Type: ModPlug XMMS Plugin Web page
ModPlug XMMS Plugin

Source: OSVDB
Type: Patch
53801

Source: CCN
Type: SA34797
libmodplug "CSoundFile::ReadMed()" Integer Overflow Vulnerability

Source: SECUNIA
Type: Vendor Advisory
34797

Source: SECUNIA
Type: UNKNOWN
34930

Source: SECUNIA
Type: UNKNOWN
35026

Source: SECUNIA
Type: UNKNOWN
35685

Source: SECUNIA
Type: UNKNOWN
35736

Source: SECUNIA
Type: UNKNOWN
36158

Source: SECUNIA
Type: UNKNOWN
36183

Source: GENTOO
Type: UNKNOWN
GLSA-200907-07

Source: CONFIRM
Type: Patch
http://sourceforge.net/project/shownotes.php?release_id=677065&group_id=1275

Source: DEBIAN
Type: UNKNOWN
DSA-1850

Source: DEBIAN
Type: UNKNOWN
DSA-1851

Source: DEBIAN
Type: DSA-1850
libmodplug -- several vulnerabilities

Source: DEBIAN
Type: DSA-1851
gst-plugins-bad0.10 -- integer overflow

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:128

Source: MLIST
Type: UNKNOWN
[oss-security] 20090421 CVE Request -- libmodplug

Source: CCN
Type: OSVDB ID: 53801
libmodplug src/load_med.cpp CSoundFile::ReadMed() Function MED File Handling Overflow

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-4064

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-4068

Source: BID
Type: Exploit, Patch
30801

Source: CCN
Type: BID-30801
libmodplug 's3m' Remote Buffer Overflow Vulnerability

Source: CCN
Type: USN-771-1
libmodplug vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-771-1

Source: VUPEN
Type: Patch, Vendor Advisory
ADV-2009-1104

Source: CCN
Type: Red Hat Bugzilla Bug 496834
CVE-2009-1438: libmodplug: Integer overflow in the MED files loading routine

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=496834

Source: XF
Type: UNKNOWN
libmodplug-csoundfilereadmed-bo(50388)

Source: SUSE
Type: SUSE-SR:2009:012
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:konstanty_bialkowski:libmodplug:0.8:*:*:*:*:*:*:*
  • OR cpe:/a:konstanty_bialkowski:libmodplug:0.8.4:*:*:*:*:*:*:*
  • OR cpe:/a:konstanty_bialkowski:libmodplug:*:*:*:*:*:*:*:* (Version <= 0.8.5)

  • * Denotes that component is vulnerable

Oval Definitions:

| Definition ID | Class | Title | Last Modified |
| --- | --- | --- | --- |
| oval:org.opensuse.security:def:20091438 | V | CVE-2009-1438 | 2015-11-16 |
| oval:org.mitre.oval:def:13400 | P | USN-771-1 -- libmodplug vulnerabilities | 2014-06-30 |
| oval:org.mitre.oval:def:13584 | P | DSA-1851-1 gst-plugins-bad0.10 -- integer overflow | 2014-06-23 |
| oval:org.mitre.oval:def:8279 | P | DSA-1851 gst-plugins-bad0.10 -- integer overflow | 2014-06-23 |
| oval:org.mitre.oval:def:8306 | P | DSA-1850 libmodplug -- several vulnerabilities | 2014-06-23 |
| oval:org.debian:def:1851 | V | integer overflow | 2009-08-06 |
| oval:org.debian:def:1850 | V | several vulnerabilities | 2009-08-04 |

    konstanty_bialkowski libmodplug 0.8
    konstanty_bialkowski libmodplug 0.8.4
    konstanty_bialkowski libmodplug *