|Description||Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)|
|Debian Bugs||526657, 527075, 527076|
Vulnerable and fixed packages
The table below lists information on source packages.
|sid, trixie, bookworm, bullseye||1:0.8.9.0-3||fixed|
The information below is based on the following data on fixed versions.
gstreamer in unstable dynamically linked to external libmodplug