CVE-2007-6720 — Libmikmod vulnerability

8 documents8 sources

Severity

4.3MEDIUMNVD

EPSS

1.1%

top 21.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Raphael Assenat Libmikmod Debian Libmikmod Debian Sdl-mixer1.2 +1 more

Timeline

PublishedJan 20

Latest updateMay 1

Description

libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/libmikmod< libmikmod 3.1.11-6.1 (bookworm)

▶Debianraphael_assenat/libmikmod< 3.1.11-6.1+3

▶NVDigno_saitz/libmikmod19 versions+18

▶debiandebian/sdl-mixer1.2< libmikmod 3.1.11-6.1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-ggqw-hm64-w646: libmikmod 3↗2022-05-01

▶

OSV

CVE-2007-6720: libmikmod 3↗2009-01-20

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Office 2007 - MSPTLS Heap Index Integer Underflow (MS15-081)↗2015-08-21

▶

📋Vendor Advisories

Ubuntu

libMikMod vulnerabilities↗2010-09-29

▶

Red Hat

mikmod: crash or abort when loading/playing multiple files with different number of channels↗2008-01-19

▶

Debian

CVE-2007-6720: libmikmod - libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other ...↗2007

▶

💬Community

Bugzilla

CVE-2007-6720 mikmod: crash or abort when loading/playing multiple files with different number of channels↗2009-01-13

▶