CVE-2006-4046
published 2006-08-09CVE-2006-4046: Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10_rc5 and earlier on Linux/BSD, allow remote attackers…
PriorityP343high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
14.49%
96.2th percentile
Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10_rc5 and earlier on Linux/BSD, allow remote attackers to execute arbitrary code via (1) a large .S3M file handled by the mpLoadS3M function, (2) a crafted .IT file handled by the itplayerclass::module::load function, (3) a crafted .ULT file handled by the mpLoadULT function, or (4) a crafted .AMS file handled by the mpLoadAMS function.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ocp | < ocp 0.1.10rc6-1 (bookworm) | ocp 0.1.10rc6-1 (bookworm) |
| open_cubic_player | open_cubic_player | <= 0.1.10_rc5 | — |
| open_cubic_player | open_cubic_player | <= 2.60_pre6 | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_debian7.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3cp6-v2rc-5px8: Multiple stack-based buffer overflows in Open Cubic Player 2
ghsa_unreviewed·2022-05-01
CVE-2006-4046 [HIGH] GHSA-3cp6-v2rc-5px8: Multiple stack-based buffer overflows in Open Cubic Player 2
Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10_rc5 and earlier on Linux/BSD, allow remote attackers to execute arbitrary code via (1) a large .S3M file handled by the mpLoadS3M function, (2) a crafted .IT file handled by the itplayerclass::module::load function, (3) a crafted .ULT file handled by the mpLoadULT function, or (4) a crafted .AMS file handled by the mpLoadAMS function.
OSV
CVE-2006-4046: Multiple stack-based buffer overflows in Open Cubic Player 2
osv·2006-08-09·CVSS 7.5
CVE-2006-4046 [HIGH] CVE-2006-4046: Multiple stack-based buffer overflows in Open Cubic Player 2
Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10_rc5 and earlier on Linux/BSD, allow remote attackers to execute arbitrary code via (1) a large .S3M file handled by the mpLoadS3M function, (2) a crafted .IT file handled by the itplayerclass::module::load function, (3) a crafted .ULT file handled by the mpLoadULT function, or (4) a crafted .AMS file handled by the mpLoadAMS function.
Debian
CVE-2006-4046: ocp - Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier...
vendor_debian·2006·CVSS 7.5
CVE-2006-4046 [HIGH] CVE-2006-4046: ocp - Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier...
Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10_rc5 and earlier on Linux/BSD, allow remote attackers to execute arbitrary code via (1) a large .S3M file handled by the mpLoadS3M function, (2) a crafted .IT file handled by the itplayerclass::module::load function, (3) a crafted .ULT file handled by the mpLoadULT function, or (4) a crafted .AMS file handled by the mpLoadAMS function.
Scope: local
bookworm: resolved (fixed in 0.1.10rc6-1)
bullseye: resolved (fixed in 0.1.10rc6-1)
forky: resolved (fixed in 0.1.10rc6-1)
sid: resolved (fixed in 0.1.10rc6-1)
trixie: resolved (fixed in 0.1.10rc6-1)
No detection rules found.
No writeups or analysis indexed.
http://aluigi.altervista.org/adv/ocpbof-adv.txthttp://secunia.com/advisories/21267http://securityreason.com/securityalert/1349http://securitytracker.com/id?1016611http://www.securityfocus.com/archive/1/441730/100/100/threadedhttp://www.securityfocus.com/bid/19262http://www.vupen.com/english/advisories/2006/3078https://exchange.xforce.ibmcloud.com/vulnerabilities/28103https://exchange.xforce.ibmcloud.com/vulnerabilities/28104https://exchange.xforce.ibmcloud.com/vulnerabilities/28105https://exchange.xforce.ibmcloud.com/vulnerabilities/28106https://www.exploit-db.com/exploits/2094http://aluigi.altervista.org/adv/ocpbof-adv.txthttp://secunia.com/advisories/21267http://securityreason.com/securityalert/1349http://securitytracker.com/id?1016611http://www.securityfocus.com/archive/1/441730/100/100/threadedhttp://www.securityfocus.com/bid/19262http://www.vupen.com/english/advisories/2006/3078https://exchange.xforce.ibmcloud.com/vulnerabilities/28103https://exchange.xforce.ibmcloud.com/vulnerabilities/28104https://exchange.xforce.ibmcloud.com/vulnerabilities/28105https://exchange.xforce.ibmcloud.com/vulnerabilities/28106https://www.exploit-db.com/exploits/2094
2006-08-09
Published