Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2009-1438

Disclosure Date: April 27, 2009
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

General Information

References

Additional Info

Technical Analysis