Nom du paquet
libmodplug
Date
2013-09-13
Advisory ID
MDVSA-2013:232
Affected versions
MBS1 x86_64

Problem description

Multiple vulnerabilities has been discovered and corrected in
libmodplug:

An integer overflow within the abc_set_parts() function
(src/load_abc.cpp) can be exploited to corrupt heap memory via a
specially crafted ABC file (CVE-2013-4233).

An error within the abc_MIDI_drum() and abc_MIDI_gchord() functions
(src/load_abc.cpp) can be exploited to cause a buffer overflow via
a specially crafted ABC file (CVE-2013-4234).

The updated packages have been patched to correct these issues.

Updated packages

MBS1 x86_64

 ae24c113e7c571f585af044ba307f698  mbs1/x86_64/lib64modplug1-0.8.8.4-2.1.mbs1.x86_64.rpm
 e1f3732a939563bf270dcc0560a40c2d  mbs1/x86_64/lib64modplug-devel-0.8.8.4-2.1.mbs1.x86_64.rpm 
 af8ea54fb4ec2bc03442a8779b58a695  mbs1/SRPMS/libmodplug-0.8.8.4-2.1.mbs1.src.rpm

References