----------------------------------------------------------------------

The Secunia Vulnerability Intelligence Manager (VIM) enables you to handle vulnerability threats in a simple, cost effective way.

Read more and request a free trial:
http://secunia.com/products/corporate/vim/

----------------------------------------------------------------------

TITLE:
libmodplug Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA45131

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45131/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45131

RELEASE DATE:
2011-08-03

DISCUSS ADVISORY:
http://secunia.com/advisories/45131/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA:
 * Last Update
 * Popularity
 * Comments
 * Criticality Level
 * Impact
 * Where
 * Solution Status
 * Operating System / Software
 * CVE Reference(s)

http://secunia.com/advisories/45131/

ONLY AVAILABLE IN CUSTOMER AREA:
 * Authentication Level
 * Report Reliability
 * Secunia PoC
 * Secunia Analysis
 * Systems Affected
 * Approve Distribution
 * Remediation Status
 * Secunia CVSS Score
 * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=45131

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
 * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION:
Some vulnerabilities have been reported in libmodplug, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise an application using the library.

1) An integer overflow error exists within the
"CSoundFile::ReadWav()" function (src/load_wav.cpp) when processing
certain WAV files. This can be exploited to cause a heap-based buffer
overflow by tricking a user into opening a specially crafted WAV
file.

2) Boundary errors within the "CSoundFile::ReadS3M()" function
(src/load_s3m.cpp) when processing S3M files can be exploited to
cause stack-based buffer overflows by tricking a user into opening a
specially crafted S3M file.

3) An off-by-one error within the "CSoundFile::ReadAMS()" function
(src/load_ams.cpp) can be exploited to cause a stack corruption by
tricking a user into opening a specially crafted AMS file.

4) An off-by-one error within the "CSoundFile::ReadDSM()" function
(src/load_dms.cpp) can be exploited to cause a memory corruption by
tricking a user into opening a specially crafted DSM file.

5) An off-by-one error within the "CSoundFile::ReadAMS2()" function
(src/load_ams.cpp) can be exploited to cause a memory corruption by
tricking a user into opening a specially crafted AMS file.

The vulnerabilities are reported in version 0.8.8.3. Other versions
may also be affected.

SOLUTION:
Fixed in the GIT repository. Update to version 0.8.8.4 when
available.

Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/

PROVIDED AND/OR DISCOVERED BY:
1-3) Hossein Lotfi via Secunia.
4, 5) Reported by the vendor.

ORIGINAL ADVISORY:
http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commitdiff;h=2d4c56de314ab13e4437bd8b609f0b751066eee8
http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commitdiff;h=f4e5295658fff000379caa122e75c9200205fe20
http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commitdiff;h=26243ab9fe1171f70053e9aec4b20e9f7de9e4ef
http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commitdiff;h=16d7a78efe14d345a6c5b241f88422ad0ee483ea

OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/

DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/

EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------