Package name
libmodplug
Date
2007-01-02
Advisory ID
MDKSA-2007:001
Affected versions
2007.0 x86_64 , 2007.0 i586

Problem description

Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and
earlier and libmodplug 0.8 and earlier allow user-assisted remote
attackers to execute arbitrary code via (1) long strings in ITP files
used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp
and (2) crafted modules used by the CSoundFile::ReadSample function in
soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.

Updated packages are patched to address this issue.

Updated packages

2007.0 x86_64

 fe5b2a2b546f98922a124b4f52cbf202  2007.0/x86_64/lib64modplug0-0.7-7.1mdv2007.0.x86_64.rpm
 2b10aaf2fefcaef82512b42910d88408  2007.0/x86_64/lib64modplug0-devel-0.7-7.1mdv2007.0.x86_64.rpm 
 68181a6907f78b10d3b0c379ca3fd76b  2007.0/SRPMS/libmodplug-0.7-7.1mdv2007.0.src.rpm

2007.0 i586

 c710c50a92587abd6f55078af2da22e7  2007.0/i586/libmodplug0-0.7-7.1mdv2007.0.i586.rpm
 4cf79b5be35cdf2e4d22af922140d32e  2007.0/i586/libmodplug0-devel-0.7-7.1mdv2007.0.i586.rpm 
 68181a6907f78b10d3b0c379ca3fd76b  2007.0/SRPMS/libmodplug-0.7-7.1mdv2007.0.src.rpm

References