CVE-2006-4192
published 2006-08-17

Priority: P335; severity: medium; score: 5.1 (CVSS 2.0)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 8.33% (94.2th percentile)
Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.

Affected

6 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libmodplug | < libmodplug 1:0.7-5.2 (bookworm) | libmodplug 1:0.7-5.2 (bookworm) |
| konstanty_bialkowski | libmodplug | >= 0 < 1:0.7-5.2 | 1:0.7-5.2 |
| konstanty_bialkowski | libmodplug | >= 0 < 1:0.7-5.2 | 1:0.7-5.2 |
| konstanty_bialkowski | libmodplug | >= 0 < 1:0.7-5.2 | 1:0.7-5.2 |
| konstanty_bialkowski | libmodplug | >= 0 < 1:0.7-5.2 | 1:0.7-5.2 |
| modplug | tracker | <= 1.17.02.43 | |

CVSS provenance

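| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
| osv | | 5.1 | MEDIUM | |
| vendor_debian | | 5.1 | MEDIUM | |
| vendor_redhat | | 5.1 | MEDIUM | |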