CVE-2006-4192

Publication date 16 August 2006

Last updated 24 July 2024

Ubuntu priority

Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
gst-plugins-bad0.10	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	7.10 gutsy	Not affected
	7.04 feisty	Not affected
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Ignored end of life
libmodplug	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	7.10 gutsy	Not affected
	7.04 feisty	Not affected
	6.10 edgy	Fixed 1:0.7-5ubuntu0.6.06.1
	6.06 LTS dapper	Fixed 1:0.7-5ubuntu0.6.06.1

Notes

jdstrand

gst-plugins-bad0.10 fixed in Debian 0.10.3-3.1

References

Related Ubuntu Security Notices (USN)

USN-521-1
libmodplug vulnerability
27 September 2007

Other references

https://www.cve.org/CVERecord?id=CVE-2006-4192