CVE-2009-3995
published 2009-12-18
CVE-2009-3995: Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers…
Priority: P341 · critical · 9.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 6.72% (93.1th percentile)
Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information.
Affected
96 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libmikmod | < libmikmod 3.1.11-6.3 (bookworm) | libmikmod 3.1.11-6.3 (bookworm) |
| debian | libmikmod | < libmikmod 3.1.11-6.2 (bookworm) | libmikmod 3.1.11-6.2 (bookworm) |
| nullsoft | winamp | <= 5.56 | — |
| nullsoft | winamp | — | — |
CVSS provenance
nvd · v2.0 · 9.3 CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
osv · 9.3 CRITICAL
vendor_debian · 9.3 CRITICAL
vendor_redhat · 9.3 CRITICAL
vendor_ubuntu · 4.3 MEDIUM
Ubuntu
libMikMod vulnerabilities
vendor_ubuntu·2010-09-29·CVSS 4.3
CVE-2009-3995 [MEDIUM] libMikMod vulnerabilities
It was discovered that libMikMod incorrectly handled songs with different
channel counts. If a user were tricked into opening a crafted song file,
an attacker could cause a denial of service. (CVE-2007-6720)
It was discovered that libMikMod incorrectly handled certain malformed XM
files. If a user were tricked into opening a crafted XM file, an attacker
could cause a denial of service. (CVE-2009-0179)
It was discovered that libMikMod incorrectly handled certain malformed
Impulse Tracker files. If a user were tricked into opening a crafted
Impulse Tracker file, an attacker could cause a denial of service or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2009-3995, CVE-2010-2546, CVE-2010-2971)
It was discovered
Red Hat
libmikmod: arbitrary code execution via crafted Impulse Tracker or Ultratracker files
vendor_redhat·2010-02-05·CVSS 9.3
CVE-2010-2546 [CRITICAL] libmikmod: arbitrary code execution via crafted Impulse Tracker or Ultratracker files
Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995.
Package: mikmod (Red Hat Enterprise Linux 4) - Affected
Package: mikmod (Red Hat Enterprise Linux 5) - Affected
Red Hat
libmikmod: arbitrary code execution via crafted Impulse Tracker or Ultratracker files
vendor_redhat·2010-02-05·CVSS 9.3
CVE-2010-2971 [CRITICAL] libmikmod: arbitrary code execution via crafted Impulse Tracker or Ultratracker files
loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995.
Package: mikmod (Red Hat Enterprise Linux 4) - Affected
Package: mikmod (Red Hat Enterprise Linux 5) - Affected
Red Hat
libmikmod: arbitrary code execution via crafted Impulse Tracker or Ultratracker files
vendor_redhat·2010-02-05·CVSS 9.3
CVE-2009-3995 [CRITICAL] libmikmod: arbitrary code execution via crafted Impulse Tracker or Ultratracker files
Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information.
Debian
CVE-2010-2546: libmikmod - Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly...
vendor_debian·2010·CVSS 9.3
CVE-2010-2546 [CRITICAL] CVE-2010-2546: libmikmod - Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly...
Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995.
Scope: local
bookworm: resolved (fixed in 3.1.11-6.3)
bullseye: resolved (fixed in 3.1.11-6.3)
forky: resolved (fixed in 3.1.11-6.3)
sid: resolved (fixed in 3.1.11-6.3)
trixie: resolved (fixed in 3.1.11-6.3)
Debian
CVE-2010-2971: libmikmod - loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for t...
vendor_debian·2010·CVSS 9.3
CVE-2010-2971 [CRITICAL] CVE-2010-2971: libmikmod - loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for t...
loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995.
Scope: local
bookworm: resolved (fixed in 3.1.11-6.3)
bullseye: resolved (fixed in 3.1.11-6.3)
forky: resolved (fixed in 3.1.11-6.3)
sid: resolved (fixed in 3.1.11-6.3)
trixie: resolved (fixed in 3.1.11-6.3)
Debian
CVE-2009-3995: libmikmod - Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-...
vendor_debian·2009·CVSS 9.3
CVE-2009-3995 [CRITICAL] CVE-2009-3995: libmikmod - Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-...
Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information.
Scope: local
bookworm: resolved (fixed in 3.1.11-6.2)
bullseye: resolved (fixed in 3.1.11-6.2)
forky: resolved (fixed in 3.1.11-6.2)
sid: resolved (fixed in 3.1.11-6.2)
trixie: resolved (fixed in 3.1.11-6.2)
GHSA
GHSA-5mrv-fmm3-qm6f: Multiple heap-based buffer overflows in loaders/load_it
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2010-2546 [CRITICAL] CWE-119 GHSA-5mrv-fmm3-qm6f: Multiple heap-based buffer overflows in loaders/load_it
Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995.
GHSA
GHSA-7xx4-x85v-pc9j: loaders/load_it
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2010-2971 [CRITICAL] CWE-119 GHSA-7xx4-x85v-pc9j: loaders/load_it
loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995.
GHSA
GHSA-8mrg-3q2c-8376: Multiple heap-based buffer overflows in IN_MOD
ghsa_unreviewed·2022-05-02
CVE-2009-3995 [HIGH] CWE-119 GHSA-8mrg-3q2c-8376: Multiple heap-based buffer overflows in IN_MOD
Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information.
OSV
CVE-2010-2546: Multiple heap-based buffer overflows in loaders/load_it
osv·2010-08-05·CVSS 9.3
CVE-2010-2546 [CRITICAL] CVE-2010-2546: Multiple heap-based buffer overflows in loaders/load_it
Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995.
OSV
CVE-2010-2971: loaders/load_it
osv·2010-08-05·CVSS 9.3
CVE-2010-2971 [CRITICAL] CVE-2010-2971: loaders/load_it
loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995.
OSV
CVE-2009-3995: Multiple heap-based buffer overflows in IN_MOD
osv·2009-12-18·CVSS 9.3
CVE-2009-3995 [CRITICAL] CVE-2009-3995: Multiple heap-based buffer overflows in IN_MOD
Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2009-3995 CVE-2009-3996 libmikmod: arbitrary code execution via crafted Impulse Tracker or Ultratracker files
bugzilla·2010-07-14·CVSS 9.3
CVE-2009-3995 [CRITICAL] CVE-2009-3995 CVE-2009-3996 libmikmod: arbitrary code execution via crafted Impulse Tracker or Ultratracker files
Multiple heap-based buffer overflow vulnerabilities were found in libmikmod. These flaws could allow a remote attacker able to coerce a local user using an application linked against libmikmod, to open an Impulse Tracker, crafted samples, or an Ultratracker file, to execute arbitrary code with the privileges of the user running the application.
CVE-2009-3995:
Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from t
Bugzilla
CVE-2009-3995 CVE-2009-3996 libmikmod: arbitrary code execution via crafted Impulse Tracker or Ultratracker files [fedora-all]
bugzilla·2010-07-14·CVSS 9.3
CVE-2009-3995 [CRITICAL] CVE-2009-3995 CVE-2009-3996 libmikmod: arbitrary code execution via crafted Impulse Tracker or Ultratracker files [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&b
http://forums.winamp.com/showthread.php?threadid=315355
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
http://secunia.com/advisories/37495
http://secunia.com/advisories/40799
http://secunia.com/secunia_research/2009-52/
http://secunia.com/secunia_research/2009-53/
http://secunia.com/secunia_research/2009-55/
http://www.mandriva.com/security/advisories?name=MDVSA-2010:151
http://www.securityfocus.com/archive/1/508526/100/0/threaded
http://www.securityfocus.com/archive/1/508527/100/0/threaded
http://www.securityfocus.com/bid/37374
http://www.vupen.com/english/advisories/2009/3575
http://www.vupen.com/english/advisories/2010/1107
http://www.vupen.com/english/advisories/2010/1957
Published: 2009-12-18