CVE-2009-1438

Public Date: 2008-02-25
CWE: CWE-190
Bugzilla: 496834: CVE-2009-1438: libmodplug: Integer overflow in the MED files loading routine

The MITRE CVE dictionary describes this issue as:

Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.

Find out more about CVE-2009-1438 from the MITRE CVE dictionary and NIST NVD.

Statement

The impact of this flaw is limited to an application crash and does not allow code execution. Red Hat does not consider a user-assisted crash of a client application, such as a media player using the GStreamer framework, to be a security issue.

For further details, see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1438

Last Modified

CVE description copyright © 2017, The MITRE Corporation
