Summary
| Detail | |||
|---|---|---|---|
| Vendor | Raphael Assenat | First view | 2009-12-18 |
| Product | Libmikmod | Last view | 2010-08-05 |
| Version | Type | Application | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
| CPE Name | Affected CVE |
|---|---|
| cpe:2.3:a:raphael_assenat:libmikmod:3.1.12:*:*:*:*:*:*:* | 4 |
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 9.3 | 2010-08-05 | CVE-2010-2971 | loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995. |
| 9.3 | 2010-08-05 | CVE-2010-2546 | Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995. |
| 9.3 | 2009-12-18 | CVE-2009-3996 | Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file. |
| 9.3 | 2009-12-18 | CVE-2009-3995 | Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (4) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:12580 | DSA-2081-1 libmikmod -- buffer overflow |
| oval:org.mitre.oval:def:26432 | Multiple heap-based buffer overflows in IN_MOD.DLL in Winamp before 5.57 |
| oval:org.mitre.oval:def:22080 | RHSA-2010:0720: mikmod security update (Moderate) |
| oval:org.mitre.oval:def:13470 | USN-995-1 -- libmikmod vulnerabilities |
| oval:org.mitre.oval:def:13301 | DSA-2071-1 libmikmod -- buffer overflows |
| oval:org.mitre.oval:def:11794 | DSA-2071 libmikmod -- buffer overflows |
| oval:org.mitre.oval:def:23114 | ELSA-2010:0720: mikmod security update (Moderate) |
| oval:org.mitre.oval:def:26230 | Heap-based buffer overflow in IN_MOD.DLL in Winamp before 5.57 |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 62139 | Mikmod libmikmod load_ult.c Ultratracker File Handling Overflow |
| 62138 | Mikmod libmikmod load_it.c Impulse Tracker File Handling Overflow |
| 61184 | Winamp Module Decoder Plug-in Multiple File Handling Overflows |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-03-12 | Name : Gentoo Security Advisory GLSA 201203-10 (libmikmod) File : nvt/glsa_201203_10.nasl |
| 2011-08-09 | Name : CentOS Update for mikmod CESA-2010:0720 centos5 i386 File : nvt/gb_CESA-2010_0720_mikmod_centos5_i386.nasl |
| 2010-12-02 | Name : Fedora Update for libmikmod FEDORA-2010-13673 File : nvt/gb_fedora_2010_13673_libmikmod_fc14.nasl |
| 2010-10-01 | Name : CentOS Update for mikmod CESA-2010:0720 centos3 i386 File : nvt/gb_CESA-2010_0720_mikmod_centos3_i386.nasl |
| 2010-10-01 | Name : CentOS Update for mikmod CESA-2010:0720 centos4 i386 File : nvt/gb_CESA-2010_0720_mikmod_centos4_i386.nasl |
| 2010-10-01 | Name : RedHat Update for mikmod RHSA-2010:0720-01 File : nvt/gb_RHSA-2010_0720-01_mikmod.nasl |
| 2010-10-01 | Name : Ubuntu Update for libmikmod vulnerabilities USN-995-1 File : nvt/gb_ubuntu_USN_995_1.nasl |
| 2010-09-10 | Name : Fedora Update for libmikmod FEDORA-2010-13702 File : nvt/gb_fedora_2010_13702_libmikmod_fc13.nasl |
| 2010-08-21 | Name : Debian Security Advisory DSA 2081-1 (libmikmod) File : nvt/deb_2081_1.nasl |
| 2010-08-20 | Name : Mandriva Update for libmikmod MDVSA-2010:151 (libmikmod) File : nvt/gb_mandriva_MDVSA_2010_151.nasl |
| 2010-07-22 | Name : Debian Security Advisory DSA 2071-1 (libmikmod) File : nvt/deb_2071_1.nasl |
| 2009-12-23 | Name : Winamp Module Decoder Plug-in Multiple Buffer Overflow Vulnerabilities File : nvt/secpod_winamp_mult_bof_vuln_dec09.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2010-0720.nasl - Type: ACT_GATHER_INFO |
| 2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20100928_mikmod_on_SL3_x.nasl - Type: ACT_GATHER_INFO |
| 2012-03-06 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201203-10.nasl - Type: ACT_GATHER_INFO |
| 2010-12-02 | Name: The remote SuSE 11 host is missing one or more security updates. File: suse_11_libmikmod-100422.nasl - Type: ACT_GATHER_INFO |
| 2010-10-11 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_libmikmod-7004.nasl - Type: ACT_GATHER_INFO |
| 2010-10-06 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2010-0720.nasl - Type: ACT_GATHER_INFO |
| 2010-10-06 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2010-0720.nasl - Type: ACT_GATHER_INFO |
| 2010-10-06 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-995-1.nasl - Type: ACT_GATHER_INFO |
| 2010-09-09 | Name: The remote Fedora host is missing a security update. File: fedora_2010-13702.nasl - Type: ACT_GATHER_INFO |
| 2010-09-08 | Name: The remote Fedora host is missing a security update. File: fedora_2010-13673.nasl - Type: ACT_GATHER_INFO |
| 2010-08-17 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2010-151.nasl - Type: ACT_GATHER_INFO |
| 2010-08-03 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2081.nasl - Type: ACT_GATHER_INFO |
| 2010-07-15 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2071.nasl - Type: ACT_GATHER_INFO |
| 2010-05-05 | Name: The remote openSUSE host is missing a security update. File: suse_11_2_libmikmod-100422.nasl - Type: ACT_GATHER_INFO |
| 2010-05-05 | Name: The remote openSUSE host is missing a security update. File: suse_11_1_libmikmod-100422.nasl - Type: ACT_GATHER_INFO |
| 2010-05-05 | Name: The remote openSUSE host is missing a security update. File: suse_11_0_libmikmod-100422.nasl - Type: ACT_GATHER_INFO |
| 2009-12-17 | Name: The remote Windows host contains a multimedia application that is affected by... File: winamp_557.nasl - Type: ACT_GATHER_INFO |
