GNOME Bugzilla – Bug 385788
[SECURITY] buffer overflows in modplug
Last modified: 2006-12-14 15:45:54 UTC
From http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4192:

"Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files."

Fix seems to be to update our copy of libmodplug; better fix probably involves not having that code in our CVS.
> Fix seems to be to update our copy of libmodplug

Even though the advisory is from 09-08-2006, it doesn't seem to be fixed in their SVN as far as I can tell, at least not the CSoundFile::ReadSample() issue if it is real:

http://aluigi.altervista.org/adv/mptho-adv.txt
http://modplug.svn.sourceforge.net/viewvc/modplug/trunk/OpenMPT/soundlib/Sndfile.cpp?view=log

> better fix probably involves not having that code in our CVS

Do you know why that is anyway? Surely there is a reason why we don't link to an external lib?
Fixed in CVS:

2006-12-14  Tim-Philipp Müller  <tim at centricular dot net>

        * gst/modplug/libmodplug/sndfile.cpp:
          Fix potential buffer overflow (CVE-2006-4192) (#385788).

Can't say I fully understand the fix, but all of Gentoo, Debian and RH seem to use this to fix this issue, so I guess there must be something to it. See e.g.:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=383574
http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-libs/libmodplug/files/libmodplug-0.8-CVE-2006-4192.patch?view=markup