Buffer overflow in Konstanty_bialkowski Libmodplug

CVE-2013-4234

Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) abc_MIDI_gchord functions in load_abc.cpp in libmodplug 0.8.8.4 and earlier allow remote attackers to cause a denial of service (memory corruption and crash) and possibl…

Vulnerability class: Buffer Overflow

EPSS: 0.031 (87.0th percentile) — read the EPSS interpretation.

Affected products

Konstanty_bialkowski Libmodplug — versions 0.8, 0.8.4, 0.8.5
Debian Debian_linux — versions 6.0, 7.0
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

DSA-2751 (vendor-advisory, x_refsource_DEBIAN)
secalert@redhat.com (Exploit, x_refsource_MISC)
54388 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
[oss-security] 20130809 Re: CVE Request - LibModPlug <=0.8.8.4 multiple heap overflow (mailing-list, x_refsource_MLIST, Exploit)
61714 (vdb-entry, x_refsource_BID)
54695 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)