Security Hero Rotating Header Image

1438 (libmodplug)

CVE-2009-1438 (libmodplug)

Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow.

URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1438

Leave a Reply

Your email address will not be published. Required fields are marked *