CVE-2009-1513
Published: 2009-05-04
Priority P428 · medium · 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 4.11% (89.5th percentile)
Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before 0.8.7 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long instrument name.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libmodplug | < libmodplug 1:0.8.7-1 (bookworm) | libmodplug 1:0.8.7-1 (bookworm) |
| konstanty_bialkowski | libmodplug | <= 0.8.6 | — |
| konstanty_bialkowski | libmodplug | — | — |
| konstanty_bialkowski | libmodplug | — | — |
| konstanty_bialkowski | libmodplug | — | — |
| konstanty_bialkowski | libmodplug | >= 0 < 1:0.8.7-1 | 1:0.8.7-1 |
| konstanty_bialkowski | libmodplug | >= 0 < 1:0.8.7-1 | 1:0.8.7-1 |
| konstanty_bialkowski | libmodplug | >= 0 < 1:0.8.7-1 | 1:0.8.7-1 |
| konstanty_bialkowski | libmodplug | >= 0 < 1:0.8.7-1 | 1:0.8.7-1 |
CVSS provenance
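| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 6.8 | MEDIUM | — |
| vendor_ubuntu | — | 7.5 | HIGH | — |
| vendor_debian | — | 6.8 | MEDIUM | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |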
GHSA
GHSA-h3rv-m7w5-j5w5: Buffer overflow in the PATinst function in src/load_pat
ghsa_unreviewed·2022-05-02
CVE-2009-1513 [MEDIUM] CWE-119 GHSA-h3rv-m7w5-j5w5: Buffer overflow in the PATinst function in src/load_pat
Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before 0.8.7 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long instrument name.
OSV
CVE-2009-1513: Buffer overflow in the PATinst function in src/load_pat
osv·2009-05-04·CVSS 6.8
CVE-2009-1513 [MEDIUM] CVE-2009-1513: Buffer overflow in the PATinst function in src/load_pat
Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before 0.8.7 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long instrument name.
Ubuntu
libmodplug vulnerabilities
vendor_ubuntu·2009-05-07·CVSS 7.5
CVE-2009-1438 [HIGH] libmodplug vulnerabilities
It was discovered that libmodplug did not correctly handle certain
parameters when parsing MED media files. If a user or automated system were
tricked into opening a crafted MED file, an attacker could execute
arbitrary code with privileges of the user invoking the program.
(CVE-2009-1438)
Manfred Tremmel and Stanislav Brabec discovered that libmodplug did not
correctly handle long instrument names when parsing PAT sample files. If a
user or automated system were tricked into opening a crafted PAT file, an
attacker could cause a denial of service or execute arbitrary code with
privileges of the user invoking the program. This issue only affected
Ubuntu 9.04. (CVE-2009-1513)
Instructions: In general, a standard system
Red Hat
libmodplug: buffer overflow vulnerability
vendor_redhat·2009-04-21·CVSS 6.8
CVE-2009-1513 [MEDIUM] libmodplug: buffer overflow vulnerability
Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before 0.8.7 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long instrument name.
Statement: Not vulnerable. This issue did not affect the versions of libmodplug embedded in gstreamer-plugins as shipped with Red Hat Enterprise Linux 3 and 4, as they do not include support for the PAT file type.
Debian
CVE-2009-1513: libmodplug - Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before...
vendor_debian·2009·CVSS 6.8
CVE-2009-1513 [MEDIUM] CVE-2009-1513: libmodplug - Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before...
Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before 0.8.7 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long instrument name.
Scope: local
bookworm: resolved (fixed in 1:0.8.7-1)
bullseye: resolved (fixed in 1:0.8.7-1)
forky: resolved (fixed in 1:0.8.7-1)
sid: resolved (fixed in 1:0.8.7-1)
trixie: resolved (fixed in 1:0.8.7-1)
No detection rules found.
No public exploits indexed.
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526084
http://modplug-xmms.cvs.sourceforge.net/viewvc/modplug-xmms/libmodplug/src/load_pat.cpp?r1=1.3&r2=1.4
http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms%3Ba=commitdiff%3Bh=c4ebb701be6ee9a296a44fdac5a20b7739ff0595
http://osvdb.org/54109
http://secunia.com/advisories/34927
http://secunia.com/advisories/35026
http://secunia.com/advisories/35736
http://secunia.com/advisories/36158
http://security.gentoo.org/glsa/glsa-200907-07.xml
http://sourceforge.net/project/shownotes.php?release_id=678622&group_id=1275
http://sourceforge.net/tracker/?func=detail&aid=2777467&group_id=1275&atid=301275
http://www.debian.org/security/2009/dsa-1850
http://www.mandriva.com/security/advisories?name=MDVSA-2009:128
http://www.openwall.com/lists/oss-security/2009/04/29/5
http://www.securityfocus.com/bid/34747
http://www.ubuntu.com/usn/USN-771-1
http://www.vupen.com/english/advisories/2009/1200