CVE-2006-4192
published 2006-08-17CVE-2006-4192: Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products…
PriorityP335medium5.1CVSS 2.0
AVNACHAuNCPIPAP
EXPLOIT
EPSS
8.33%
94.2th percentile
Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libmodplug | < libmodplug 1:0.7-5.2 (bookworm) | libmodplug 1:0.7-5.2 (bookworm) |
| konstanty_bialkowski | libmodplug | >= 0 < 1:0.7-5.2 | 1:0.7-5.2 |
| konstanty_bialkowski | libmodplug | >= 0 < 1:0.7-5.2 | 1:0.7-5.2 |
| konstanty_bialkowski | libmodplug | >= 0 < 1:0.7-5.2 | 1:0.7-5.2 |
| konstanty_bialkowski | libmodplug | >= 0 < 1:0.7-5.2 | 1:0.7-5.2 |
| modplug | tracker | <= 1.17.02.43 | — |
CVSS provenance
nvdv2.05.1MEDIUMAV:N/AC:H/Au:N/C:P/I:P/A:P
osv5.1MEDIUM
vendor_debian5.1MEDIUM
vendor_redhat5.1MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-whr7-mq2r-hhmm: Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1
ghsa_unreviewed·2022-05-01
CVE-2006-4192 [MEDIUM] GHSA-whr7-mq2r-hhmm: Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1
Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.
OSV
CVE-2006-4192: Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1
osv·2006-08-17·CVSS 5.1
CVE-2006-4192 [MEDIUM] CVE-2006-4192: Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1
Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.
Ubuntu
libmodplug vulnerability
vendor_ubuntu·2007-09-27
CVE-2006-4192 libmodplug vulnerability
Title: libmodplug vulnerability
Summary: libmodplug vulnerability
Luigi Auriemma discovered that libmodplug did not properly sanitize
its input. A specially crafted AMF file could be used to exploit this
situation to cause buffer overflows and possibly execute arbitrary code
as the user.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
libmodplug: Integer overflow when reading samples of AMF files
vendor_redhat·2006-10-06·CVSS 5.1
CVE-2006-4192 [MEDIUM] CWE-190 libmodplug: Integer overflow when reading samples of AMF files
libmodplug: Integer overflow when reading samples of AMF files
Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.
Debian
CVE-2006-4192: libmodplug - Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier an...
vendor_debian·2006·CVSS 5.1
CVE-2006-4192 [MEDIUM] CVE-2006-4192: libmodplug - Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier an...
Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.
Scope: local
bookworm: resolved (fixed in 1:0.7-5.2)
bullseye: resolved (fixed in 1:0.7-5.2)
forky: resolved (fixed in 1:0.7-5.2)
sid: resolved (fixed in 1:0.7-5.2)
trixie: resolved (fixed in 1:0.7-5.2)
No detection rules found.
Bugzilla
CVE-2006-4192 libmodplug: Integer overflow when reading samples of AMF files
bugzilla·2009-04-22·CVSS 5.1
CVE-2006-4192 [MEDIUM] CVE-2006-4192 libmodplug: Integer overflow when reading samples of AMF files
CVE-2006-4192 libmodplug: Integer overflow when reading samples of AMF files
An integer overflow flaw, leading to heap-based buffer overflow was found
in the routine reading samples of music files used by the Modplug mod music
file format library (libmodplug). An attacker could create a specially-crafted
Advanced Module Format Music (AMF) file, that could cause an application utilizing the libmodplug library to crash, or, to potentially execute arbitrary
code as the user running the application, when opened by the victim.
Discussion:
Upstream patch against gstreamer-plugins-bad:
http://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=bc2cdd57d549ab3ba59782e9b395d0cd683fd3ac
---
This issue affects the versions of the gstreamer-plugins package, as shipped
with Red Hat Enterpri
Bugzilla
CVE-2006-4192 Heap overflow in modplug gstreamer plugin
bugzilla·2007-01-23·CVSS 5.1
CVE-2006-4192 [MEDIUM] CVE-2006-4192 Heap overflow in modplug gstreamer plugin
CVE-2006-4192 Heap overflow in modplug gstreamer plugin
Description of problem:
gstreamer-plugins contains a copy of code that was affected by
CVE-2006-4192, potential heap overflow in
gst/modplug/libmodplug/sndfile.cpp:ReadSample().
The original advisory is here:
http://aluigi.altervista.org/adv/mptho-adv.txt
Version-Release number of selected component (if applicable):
RHEL-3, RHEL-4
How reproducible:
Did not try to reproduce. The advisory contains the POC that should be
able to generate reproducers.
Additional info:
Upstream bug, with fix:
http://bugzilla.gnome.org/show_bug.cgi?id=385788
Debian bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407956
Fixes for the original issue:
http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-libs/libmodplug/files/libmodplug-0.8-CV
http://aluigi.altervista.org/adv/mptho-adv.txthttp://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=bc2cdd57d549ab3ba59782e9b395d0cd683fd3achttp://secunia.com/advisories/21418http://secunia.com/advisories/22080http://secunia.com/advisories/22658http://secunia.com/advisories/23294http://secunia.com/advisories/23555http://secunia.com/advisories/26979http://security.gentoo.org/glsa/glsa-200612-04.xmlhttp://securityreason.com/securityalert/1397http://www.mandriva.com/security/advisories?name=MDKSA-2007:001http://www.novell.com/linux/security/advisories/2006_23_sr.htmlhttp://www.securityfocus.com/archive/1/442721/100/100/threadedhttp://www.securityfocus.com/bid/19448http://www.ubuntu.com/usn/usn-521-1http://www.vupen.com/english/advisories/2006/3231http://www.vupen.com/english/advisories/2006/4310https://bugzilla.redhat.com/show_bug.cgi?id=497154https://exchange.xforce.ibmcloud.com/vulnerabilities/28305https://exchange.xforce.ibmcloud.com/vulnerabilities/28309https://rhn.redhat.com/errata/RHSA-2011-0477.htmlhttp://aluigi.altervista.org/adv/mptho-adv.txthttp://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=bc2cdd57d549ab3ba59782e9b395d0cd683fd3achttp://secunia.com/advisories/21418http://secunia.com/advisories/22080http://secunia.com/advisories/22658http://secunia.com/advisories/23294http://secunia.com/advisories/23555http://secunia.com/advisories/26979http://security.gentoo.org/glsa/glsa-200612-04.xmlhttp://securityreason.com/securityalert/1397http://www.mandriva.com/security/advisories?name=MDKSA-2007:001http://www.novell.com/linux/security/advisories/2006_23_sr.htmlhttp://www.securityfocus.com/archive/1/442721/100/100/threadedhttp://www.securityfocus.com/bid/19448http://www.ubuntu.com/usn/usn-521-1http://www.vupen.com/english/advisories/2006/3231http://www.vupen.com/english/advisories/2006/4310https://bugzilla.redhat.com/show_bug.cgi?id=497154https://exchange.xforce.ibmcloud.com/vulnerabilities/28305https://exchange.xforce.ibmcloud.com/vulnerabilities/28309https://rhn.redhat.com/errata/RHSA-2011-0477.html
2006-08-17
Published