Red Hat Bugzilla – Bug 995578
CVE-2013-4233 CVE-2013-4234 libmodplug: ABC file parsing vulnerabilities
Last modified: 2015-02-26 18:22:37 EST
It was reportec , that libmodplug suffers from two flaws when parsing ABC files:
1) An error within the "abc_MIDI_drum()" function (src/load_abc.cpp) can be exploited to cause a buffer overflow via a specially crafted ABC file.
2) An integer overflow within the "abc_set_parts()" function (src/load_abc.cpp) can be exploited to corrupt heap memory via a specially crafted ABC file.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
The vulnerabilities are confirmed in version 0.8.8.4. Other versions may also be affected. This is not yet fixed upstream.
Created libmodplug tracking bugs for this issue:
Affects: fedora-all [bug 995580]
Affects: epel-5 [bug 728374]
Affects: epel-6 [bug 728375]
CVE request and further information here:
"Okay, so the first bug is an integer overflow in j variable, it occurs
The second bug is a heap overflow and can be triggered in two functions
h->gchord and h->drum are static buffers and are filled until the copied
byte is in the charset (respectively 'fbcz0123456789ghijGHIJ' and
The first issue received the name CVE-2013-4233 (integer overflow) and the second issue received CVE-2013-4234 (heap overflow)
Fixed upstream in libmodplug 0.8.8.5:
libmodplug-0.8.8.5-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
libmodplug-0.8.8.5-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.