CVE-2009-1438
Published 2009-04-27
CVE-2009-1438: Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products…
Priority: P267, high, 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 4.67% (90.6th percentile)
Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libmodplug | < libmodplug 1:0.8.7-1 (bookworm) | libmodplug 1:0.8.7-1 (bookworm) |
| konstanty_bialkowski | libmodplug | <= 0.8.5 | — |
| konstanty_bialkowski | libmodplug | — | — |
| konstanty_bialkowski | libmodplug | — | — |
| konstanty_bialkowski | libmodplug | >= 0 < 1:0.8.7-1 | 1:0.8.7-1 |
| konstanty_bialkowski | libmodplug | >= 0 < 1:0.8.7-1 | 1:0.8.7-1 |
| konstanty_bialkowski | libmodplug | >= 0 < 1:0.8.7-1 | 1:0.8.7-1 |
| konstanty_bialkowski | libmodplug | >= 0 < 1:0.8.7-1 | 1:0.8.7-1 |
Detection & IOCs (extracted from sources)
- url: http://modplug-xmms.cvs.sourceforge.net/viewvc/modplug-xmms/libmodplug/src/load_med.cpp?r1=1.1&r2=1.2
- url: http://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=bf7ccbe0f8fd834ef186e5c266e40acaadf5536d
- Trigger is a crafted MED (Amiga MED/OctaMED tracker) file with an oversized song comment or song name field causing an integer overflow in CSoundFile::ReadMed, leading to heap-based buffer overflow. Inspect MED files for abnormally large song comment or song name length fields.
- Vulnerability is in the CSoundFile::ReadMed function within src/load_med.cpp of libmodplug. Monitor process loading of .med files by media players or GStreamer-based applications using libmodplug versions prior to 0.8.6.
- Red Hat assessed that arbitrary code execution is NOT possible in their shipped versions of gstreamer-plugins (RHEL 3 and 4) due to additional bounds checks already present in the code; impact is limited to application crash only.
- This issue does NOT affect gstreamer-plugins-good as shipped with Red Hat Enterprise Linux 5; only gstreamer-plugins (RHEL 3 and 4) are affected.
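CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 7.5 | HIGH | |
| vulncheck | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | LOW | |
| vendor_redhat | | 7.5 | HIGH | |
| vendor_ubuntu | | 7.5 | HIGH | |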
Ubuntu
libmodplug vulnerabilities
vendor_ubuntu·2009-05-07·CVSS 7.5
CVE-2009-1438 [HIGH] libmodplug vulnerabilities
It was discovered that libmodplug did not correctly handle certain
parameters when parsing MED media files. If a user or automated system were
tricked into opening a crafted MED file, an attacker could execute
arbitrary code with privileges of the user invoking the program.
(CVE-2009-1438)
Manfred Tremmel and Stanislav Brabec discovered that libmodplug did not
correctly handle long instrument names when parsing PAT sample files. If a
user or automated system were tricked into opening a crafted PAT file, an
attacker could cause a denial of service or execute arbitrary code with
privileges of the user invoking the program. This issue only affected
Ubuntu 9.04. (CVE-2009-1513)
Instructions: In general, a standard system
Debian
CVE-2009-1438: libmodplug - Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmo...
vendor_debian·2009·CVSS 7.5
CVE-2009-1438 [HIGH] CVE-2009-1438: libmodplug - Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmo...
Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.
Scope: local
bookworm: resolved (fixed in 1:0.8.7-1)
bullseye: resolved (fixed in 1:0.8.7-1)
forky: resolved (fixed in 1:0.8.7-1)
sid: resolved (fixed in 1:0.8.7-1)
trixie: resolved (fixed in 1:0.8.7-1)
Red Hat
libmodplug: Integer overflow in the MED files loading routine
vendor_redhat·2008-02-25·CVSS 7.5
CVE-2009-1438 [HIGH] CWE-190 libmodplug: Integer overflow in the MED files loading routine
Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.
Statement: The impact of this flaw is limited to application crash, not allowing code execution. Red Hat does not consider a user-assisted crash of a client application such as media players using GStreamer framework to be a security issue.
For further details, see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1438
GHSA
GHSA-v7cc-2p5c-5943: Integer overflow in the CSoundFile::ReadMed function (src/load_med
ghsa_unreviewed·2022-05-02
CVE-2009-1438 [HIGH] GHSA-v7cc-2p5c-5943: Integer overflow in the CSoundFile::ReadMed function (src/load_med
Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.
OSV
CVE-2009-1438: Integer overflow in the CSoundFile::ReadMed function (src/load_med
osv·2009-04-27·CVSS 7.5
CVE-2009-1438 [HIGH] CVE-2009-1438: Integer overflow in the CSoundFile::ReadMed function (src/load_med
Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.
VulnCheck
Multiple Products libmodplug MED File Vulnerability
vulncheck·2009·CVSS 7.5
CVE-2009-1438 [HIGH] Multiple Products libmodplug MED File Vulnerability
Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.
Affected: konstanty_bialkowski libmodplug
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://nvd.nist.gov/vuln/detail/CVE-2009-1438; https://www.cve.org/CVERecord?id=CVE-2009-1438
No detection rules found.
No public exploits indexed.