CVE-2010-2546
published 2010-08-05CVE-2010-2546: Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted…
PriorityP341critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
6.72%
93.1th percentile
Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libmikmod | < libmikmod 3.1.11-6.3 (bookworm) | libmikmod 3.1.11-6.3 (bookworm) |
| raphael_assenat | libmikmod | — | — |
| raphael_assenat | libmikmod | >= 0 < 3.1.11-6.3 | 3.1.11-6.3 |
| raphael_assenat | libmikmod | >= 0 < 3.1.11-6.3 | 3.1.11-6.3 |
| raphael_assenat | libmikmod | >= 0 < 3.1.11-6.3 | 3.1.11-6.3 |
| raphael_assenat | libmikmod | >= 0 < 3.1.11-6.3 | 3.1.11-6.3 |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv9.3CRITICAL
vendor_debian9.3CRITICAL
vendor_redhat9.3CRITICAL
vendor_ubuntu4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
libMikMod vulnerabilities
vendor_ubuntu·2010-09-29·CVSS 4.3
CVE-2009-3995 [MEDIUM] libMikMod vulnerabilities
Title: libMikMod vulnerabilities
It was discovered that libMikMod incorrectly handled songs with different
channel counts. If a user were tricked into opening a crafted song file,
an attacker could cause a denial of service. (CVE-2007-6720)
It was discovered that libMikMod incorrectly handled certain malformed XM
files. If a user were tricked into opening a crafted XM file, an attacker
could cause a denial of service. (CVE-2009-0179)
It was discovered that libMikMod incorrectly handled certain malformed
Impulse Tracker files. If a user were tricked into opening a crafted
Impulse Tracker file, an attacker could cause a denial of service or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2009-3995, CVE-2010-2546, CVE-2010-2971)
It was discovered
Red Hat
libmikmod: arbitrary code execution via crafted Impulse Tracker or Ultratracker files
vendor_redhat·2010-02-05·CVSS 9.3
CVE-2010-2546 [CRITICAL] libmikmod: arbitrary code execution via crafted Impulse Tracker or Ultratracker files
libmikmod: arbitrary code execution via crafted Impulse Tracker or Ultratracker files
Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995.
Package: mikmod (Red Hat Enterprise Linux 4) - Affected
Package: mikmod (Red Hat Enterprise Linux 5) - Affected
Red Hat
libmikmod: arbitrary code execution via crafted Impulse Tracker or Ultratracker files
vendor_redhat·2010-02-05·CVSS 9.3
CVE-2010-2971 [CRITICAL] libmikmod: arbitrary code execution via crafted Impulse Tracker or Ultratracker files
libmikmod: arbitrary code execution via crafted Impulse Tracker or Ultratracker files
loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995.
Package: mikmod (Red Hat Enterprise Linux 4) - Affected
Package: mikmod (Red Hat Enterprise Linux 5) - Affected
Debian
CVE-2010-2546: libmikmod - Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly...
vendor_debian·2010·CVSS 9.3
CVE-2010-2546 [CRITICAL] CVE-2010-2546: libmikmod - Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly...
Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995.
Scope: local
bookworm: resolved (fixed in 3.1.11-6.3)
bullseye: resolved (fixed in 3.1.11-6.3)
forky: resolved (fixed in 3.1.11-6.3)
sid: resolved (fixed in 3.1.11-6.3)
trixie: resolved (fixed in 3.1.11-6.3)
Debian
CVE-2010-2971: libmikmod - loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for t...
vendor_debian·2010·CVSS 9.3
CVE-2010-2971 [CRITICAL] CVE-2010-2971: libmikmod - loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for t...
loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995.
Scope: local
bookworm: resolved (fixed in 3.1.11-6.3)
bullseye: resolved (fixed in 3.1.11-6.3)
forky: resolved (fixed in 3.1.11-6.3)
sid: resolved (fixed in 3.1.11-6.3)
trixie: resolved (fixed in 3.1.11-6.3)
GHSA
GHSA-5mrv-fmm3-qm6f: Multiple heap-based buffer overflows in loaders/load_it
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2010-2546 [CRITICAL] CWE-119 GHSA-5mrv-fmm3-qm6f: Multiple heap-based buffer overflows in loaders/load_it
Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995.
GHSA
GHSA-7xx4-x85v-pc9j: loaders/load_it
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2010-2971 [CRITICAL] CWE-119 GHSA-7xx4-x85v-pc9j: loaders/load_it
loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995.
OSV
CVE-2010-2546: Multiple heap-based buffer overflows in loaders/load_it
osv·2010-08-05·CVSS 9.3
CVE-2010-2546 [CRITICAL] CVE-2010-2546: Multiple heap-based buffer overflows in loaders/load_it
Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995.
OSV
CVE-2010-2971: loaders/load_it
osv·2010-08-05·CVSS 9.3
CVE-2010-2971 [CRITICAL] CVE-2010-2971: loaders/load_it
loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995.
No detection rules found.
No public exploits indexed.
http://secunia.com/advisories/40799http://secunia.com/advisories/48244http://security.gentoo.org/glsa/glsa-201203-10.xmlhttp://sourceforge.net/tracker/?func=detail&aid=3033086&group_id=40531&atid=428227http://www.debian.org/security/2010/dsa-2081http://www.mandriva.com/security/advisories?name=MDVSA-2010:151http://www.securityfocus.com/bid/41917http://www.vupen.com/english/advisories/2010/1957https://bugzilla.redhat.com/show_bug.cgi?id=614643http://secunia.com/advisories/40799http://secunia.com/advisories/48244http://security.gentoo.org/glsa/glsa-201203-10.xmlhttp://sourceforge.net/tracker/?func=detail&aid=3033086&group_id=40531&atid=428227http://www.debian.org/security/2010/dsa-2081http://www.mandriva.com/security/advisories?name=MDVSA-2010:151http://www.securityfocus.com/bid/41917http://www.vupen.com/english/advisories/2010/1957https://bugzilla.redhat.com/show_bug.cgi?id=614643
2010-08-05
Published