Security Hero Rotating Header Image

1438 (libmodplug)

CVE-2009-1438 (libmodplug)

Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow.


Leave a Reply

Your email address will not be published. Required fields are marked *