Bug 224032

Summary: CVE-2006-4192 Heap overflow in modplug gstreamer plugin
Product: Red Hat Enterprise Linux 4
Reporter: Lubomir Kundrak <lkundrak>
Component: gstreamer-plugins
Assignee: Monty <cmontgom>
Status: CLOSED NOTABUG
Severity: low
Priority: low
Version: 4.4
CC: bnocera, kem
Keywords: Security
Hardware: All
OS: Linux
URL: http://aluigi.altervista.org/adv/mptho-adv.txt
Whiteboard: impact=low,source=debian,public=20061006,reported=20070122
Doc Type: Bug Fix
Last Closed: 2007-02-01 14:24:59 UTC
Bug Blocks: 497154    
Attachments:
Description: Upstream patch for CVE-2006-4192 modplug heap overflow; Flags: none
Description: Reproducer for CVE-2006-4192 modplug heap overflow; Flags: none

Description Lubomir Kundrak 2007-01-23 18:47:25 UTC
Description of problem:

gstreamer-plugins contains a copy of code that was affected by
CVE-2006-4192, a potential heap overflow in
gst/modplug/libmodplug/sndfile.cpp:ReadSample().

The original advisory is here:
http://aluigi.altervista.org/adv/mptho-adv.txt

Version-Release number of selected component (if applicable):

RHEL-3, RHEL-4

How reproducible:

Did not try to reproduce. The advisory contains the POC that should be
able to generate reproducers.

Additional info:

Upstream bug, with fix:
http://bugzilla.gnome.org/show_bug.cgi?id=385788

Debian bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407956

Fixes for the original issue:
http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-libs/libmodplug/files/libmodplug-0.8-CVE-2006-4192.patch?view=markup
http://modplug.svn.sourceforge.net/viewvc/modplug/trunk/OpenMPT/soundlib/Sndfile.cpp?r1=156&r2=163
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=383574

Comment 1 Lubomir Kundrak 2007-01-23 18:47:26 UTC
Created attachment 146331
Upstream patch for CVE-2006-4192 modplug heap overflow

Comment 2 Lubomir Kundrak 2007-01-23 18:50:42 UTC
Created attachment 146333
Reproducer for CVE-2006-4192 modplug heap overflow

This issue is the "Second Attack" mentioned in the POC code.

Comment 3 Bastien Nocera 2007-02-01 14:24:59 UTC
From the patch:
+gst-plugins-bad0.10 (0.10.3-3.1) unstable; urgency=high

We don't ship the "-bad" plugins of GStreamer, nor do we intend to, so not a
problem there.