CVE-2013-4233
Published 2013-09-16
Priority: P3 · 35 · medium · 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 4.08% (89.4th percentile)
Integer overflow in the abc_set_parts function in load_abc.cpp in libmodplug 0.8.8.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted P header in an ABC file, which triggers a heap-based buffer overflow.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | libmodplug | < libmodplug 1:0.8.8.4-4 (bookworm) | libmodplug 1:0.8.8.4-4 (bookworm) |
| konstanty_bialkowski | libmodplug | <= 0.8.8.4 | — |
| konstanty_bialkowski | libmodplug | — | — |
| konstanty_bialkowski | libmodplug | — | — |
| konstanty_bialkowski | libmodplug | — | — |
| konstanty_bialkowski | libmodplug | — | — |
| konstanty_bialkowski | libmodplug | — | — |
| konstanty_bialkowski | libmodplug | — | — |
| konstanty_bialkowski | libmodplug | — | — |
| konstanty_bialkowski | libmodplug | — | — |
| konstanty_bialkowski | libmodplug | — | — |
| konstanty_bialkowski | libmodplug | >= 0 < 1:0.8.8.4-4 | 1:0.8.8.4-4 |
| konstanty_bialkowski | libmodplug | >= 0 < 1:0.8.8.4-4 | 1:0.8.8.4-4 |
| konstanty_bialkowski | libmodplug | >= 0 < 1:0.8.8.4-4 | 1:0.8.8.4-4 |
| konstanty_bialkowski | libmodplug | >= 0 < 1:0.8.8.4-4 | 1:0.8.8.4-4 |
CVSS provenance
nvd · v2.0 · 6.8 MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
osv · 6.8 MEDIUM
vendor_debian · 6.8 MEDIUM
Debian
CVE-2013-4233: libmodplug - Integer overflow in the abc_set_parts function in load_abc.cpp in libmodplug 0.8...
vendor_debian·2013·CVSS 6.8
Scope: local
bookworm: resolved (fixed in 1:0.8.8.4-4)
bullseye: resolved (fixed in 1:0.8.8.4-4)
forky: resolved (fixed in 1:0.8.8.4-4)
sid: resolved (fixed in 1:0.8.8.4-4)
trixie: resolved (fixed in 1:0.8.8.4-4)
GHSA
GHSA-6g29-w75w-r6q5: Integer overflow in the abc_set_parts function in load_abc
ghsa_unreviewed·2022-05-17
OSV
CVE-2013-4233: Integer overflow in the abc_set_parts function in load_abc
osv·2013-09-16·CVSS 6.8
No detection rules found.
No public exploits indexed.
References
http://blog.scrt.ch/2013/07/24/vlc-abc-parsing-seems-to-be-a-ctf-challenge/
http://secunia.com/advisories/54388
http://secunia.com/advisories/54695
http://www.debian.org/security/2013/dsa-2751
http://www.openwall.com/lists/oss-security/2013/08/10/3