Debian Libmikmod vulnerabilities

CVE-2010-2546 [CRITICAL] CVE-2010-2546: libmikmod - Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly... Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: th

CVE-2010-2971 [CRITICAL] CVE-2010-2971: libmikmod - loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for t... loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomp

CVE-2009-3996 [CRITICAL] CVE-2009-3996: libmikmod - Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Win... Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file. Scope: local bookworm: resolved (fixed in 3.1.11-6.2) bullseye: resolved (fixed in 3.1.11-6.2) forky: resolved (fixed in 3.1.11-6.2) sid: resolved (fixed in 3.1.11-

CVE-2009-3995 [CRITICAL] CVE-2009-3995: libmikmod - Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-... Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information. Scope: local bookwo

CVE-2009-0179 [MEDIUM] CVE-2009-0179: libmikmod - libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, a... libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file. Scope: local bookworm: resolved (fixed in 3.1.11-6.1) bullseye: resolved (fixed in 3.1.11-6.1) forky: resolved (fixed in 3.1.11-6.1) sid: resolved (fixed in 3.1.11-6.1) trixie: resolve

CVE-2007-6720 [MEDIUM] CVE-2007-6720: libmikmod - libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other ... libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbe

CVE-2006-3879 [MEDIUM] CVE-2006-3879: libmikmod - Integer overflow in the loadChunk function in loaders/load_gt2.c in libmikmod in... Integer overflow in the loadChunk function in loaders/load_gt2.c in libmikmod in Mikmod Sound System 3.2.2 allows remote attackers to cause a denial of service via a GRAOUMF TRACKER (GT2) module file with a large (0xffffffff) comment length value in an XCOM chunk. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved