mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
1.0 KiB
1.0 KiB
CVE-2006-4192
Description
Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.
POC
Reference
- http://aluigi.altervista.org/adv/mptho-adv.txt
- http://securityreason.com/securityalert/1397
- https://bugzilla.redhat.com/show_bug.cgi?id=497154
Github
No PoCs found on GitHub currently.