CVE-2006-4192

Name: CVE-2006-4192
Description: Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 383574, 407956

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| libmodplug (PTS) | sid, trixie, bookworm, bullseye | 1:0.8.9.0-3 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| gst-plugins-bad0.10 | source | (unstable) | 0.10.3-3.1 | medium | | 407956 |
| libmodplug | source | (unstable) | 1:0.7-5.2 | medium | | 383574 |
