Bug 224032 - CVE-2006-4192 Heap overflow in modplug gstreamer plugin
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: gstreamer-plugins
Version: 4.4
Hardware: All Linux
Priority: low, Severity: low
Assigned To: Monty
http://aluigi.altervista.org/adv/mpth...
impact=low,source=debian,public=20061...
Keywords: Security
Blocks: CVE-2006-4192
Reported: 2007-01-23 13:47 EST by Lubomir Kundrak
Modified: 2013-10-20 18:42 EDT

Doc Type: Bug Fix
Last Closed: 2007-02-01 09:24:59 EST


Attachments
Upstream patch for CVE-2006-4192 modplug heap overflow (1010 bytes, patch)
2007-01-23 13:47 EST, Lubomir Kundrak
Reproducer for CVE-2006-4192 modplug heap overflow (4.13 KB, text/x-csrc)
2007-01-23 13:50 EST, Lubomir Kundrak


External Trackers
Tracker ID Priority Status Summary Last Updated
GNOME Desktop 385788 None None None Never

Description Lubomir Kundrak 2007-01-23 13:47:25 EST
Description of problem:

gstreamer-plugins contains a copy of code that was affected by
CVE-2006-4192, potential heap overflow in
gst/modplug/libmodplug/sndfile.cpp:ReadSample().

The original advisory is here:
http://aluigi.altervista.org/adv/mptho-adv.txt

Version-Release number of selected component (if applicable):

RHEL-3, RHEL-4

How reproducible:

Did not try to reproduce. The advisory contains the POC that should be
able to generate reproducers.

Additional info:

Upstream bug, with fix:
http://bugzilla.gnome.org/show_bug.cgi?id=385788

Debian bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407956

Fixes for the original issue:
http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-libs/libmodplug/files/libmodplug-0.8-CVE-2006-4192.patch?view=markup
http://modplug.svn.sourceforge.net/viewvc/modplug/trunk/OpenMPT/soundlib/Sndfile.cpp?r1=156&r2=163
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=383574
Comment 1 Lubomir Kundrak 2007-01-23 13:47:26 EST
Created attachment 146331
Upstream patch for CVE-2006-4192 modplug heap overflow
Comment 2 Lubomir Kundrak 2007-01-23 13:50:42 EST
Created attachment 146333
Reproducer for CVE-2006-4192 modplug heap overflow

This issue is the "Second Attack" mentioned in the POC code.
Comment 3 Bastien Nocera 2007-02-01 09:24:59 EST
From the patch:
+gst-plugins-bad0.10 (0.10.3-3.1) unstable; urgency=high

We don't ship the "-bad" plugins of GStreamer, nor do we intend to, so not a
problem there.
