VDB
CVE-2006-4192
CVE-2006-4192
PUBLISHED
Reported by mitre · Published August 17, 2006
Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a, n/a, n/a |
Timeline
- Aug 17, 2006 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jun 20, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- 21418 third-party-advisoryx_refsource_SECUNIA
- openmpt-readsample-bo(28309) vdb-entryx_refsource_XF
- GLSA-200612-04 vendor-advisoryx_refsource_GENTOO
- 19448 vdb-entryx_refsource_BID
- USN-521-1 vendor-advisoryx_refsource_UBUNTU
- SUSE-SR:2006:023 vendor-advisoryx_refsource_SUSE
- x_refsource_MISC
- 22658 third-party-advisoryx_refsource_SECUNIA
- 20060809 Stack and heap overflows in MODPlug Tracker/OpenMPT 1.17.02.43 and libmodplug 0.8 mailing-listx_refsource_BUGTRAQ
- 23555 third-party-advisoryx_refsource_SECUNIA
- 22080 third-party-advisoryx_refsource_SECUNIA
- ADV-2006-4310 vdb-entryx_refsource_VUPEN
- x_refsource_CONFIRM
- MDKSA-2007:001 vendor-advisoryx_refsource_MANDRIVA
- 1397 third-party-advisoryx_refsource_SREASON
- 26979 third-party-advisoryx_refsource_SECUNIA
- RHSA-2011:0477 vendor-advisoryx_refsource_REDHAT
- 23294 third-party-advisoryx_refsource_SECUNIA
- ADV-2006-3231 vdb-entryx_refsource_VUPEN
- openmpt-loadit-bo(28305) vdb-entryx_refsource_XF
…and 1 more