Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2010-2546
Vulnerability from cvelistv5
Published
2010-08-04 21:00
Modified
2024-08-07 02:39
Severity ?
EPSS score ?
Summary
Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:39:36.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2010:151",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
},
{
"name": "41917",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41917"
},
{
"name": "48244",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48244"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3033086\u0026group_id=40531\u0026atid=428227"
},
{
"name": "GLSA-201203-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201203-10.xml"
},
{
"name": "ADV-2010-1957",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1957"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=614643"
},
{
"name": "40799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40799"
},
{
"name": "DSA-2081",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2081"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T18:57:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "MDVSA-2010:151",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
},
{
"name": "41917",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41917"
},
{
"name": "48244",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48244"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3033086\u0026group_id=40531\u0026atid=428227"
},
{
"name": "GLSA-201203-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201203-10.xml"
},
{
"name": "ADV-2010-1957",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1957"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=614643"
},
{
"name": "40799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40799"
},
{
"name": "DSA-2081",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2081"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-2546",
"datePublished": "2010-08-04T21:00:00",
"dateReserved": "2010-06-30T00:00:00",
"dateUpdated": "2024-08-07T02:39:36.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2010-2546\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2010-08-05T13:22:29.497\",\"lastModified\":\"2024-11-21T01:16:52.823\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples desbordamientos de b\u00fafer basados en pila en loaders/load_it.c de libmikmod, posiblemente v3.1.12,puede permitir a atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n a trav\u00e9s de (1) ejemplos manipulados o (2) definiciones de instrumentos manipulados en un fichero Impulse Tracker, relacionados con panpts, pitpts, and IT_ProcessEnvelope. NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta de CVE-2009-3995.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:raphael_assenat:libmikmod:3.1.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EB33FA6-1F1A-4255-B468-19036B180C29\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/40799\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/48244\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-201203-10.xml\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://sourceforge.net/tracker/?func=detail\u0026aid=3033086\u0026group_id=40531\u0026atid=428227\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2010/dsa-2081\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:151\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/41917\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1957\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=614643\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/40799\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/48244\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-201203-10.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sourceforge.net/tracker/?func=detail\u0026aid=3033086\u0026group_id=40531\u0026atid=428227\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2010/dsa-2081\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:151\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/41917\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1957\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=614643\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
var-201008-0230
Vulnerability from variot
Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995. libmikmod of loaders/load_it.c Contains a heap-based buffer overflow vulnerability. Libmikmod is a library used by Mikmod to play various types of audio modules. The problem with CVE-2009-3995 is not completely fixed correctly. The following problems exist: - Only volpts are checked, but similar problems affect panpts and pitpts. - Checking is done after calling IT_ProcessEnvelope, the function has modified name##env as the upper bound using name##pts, so an overflow can be triggered between checks. The -name##env information is read from name##tick and name##node, where the value contains ITENVCNT (25), so using sizeof(name##env) == ENVPOINTS (32) can still cause the array to read out of bounds. take. The 'libmikmod' library is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input. Attackers can leverage these issues to execute arbitrary code in the context of an application that uses the affected library. Failed attacks will cause denial-of-service conditions. These issues are due to an incomplete fix for CVE-2009-3995; BID 38114 (libmikmod Multiple Buffer Overflow Vulnerabilities) is related to these issues. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA-2081-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff August 01, 2010 http://www.debian.org/security/faq
Package : libmikmod Vulnerability : buffer overflow Problem type : local(remote) Debian-specific: no CVE Id(s) : CVE-2010-2546
Tomas Hoger discovered that the upstream fix for CVE-2009-3995 was insufficient. This update provides a corrected package.
For the unstable distribution (sid), these problems have been fixed in version 3.1.11-6.3.
We recommend that you upgrade your libmikmod packages.
Upgrade instructions
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkxVxoUACgkQXm3vHE4uylrhwgCfXeJqgBnpGu10QyEu3DBjwWy/ y0YAoNP/beuWGyzKeCCNXuQwZ23f0oV2 =3XKq -----END PGP SIGNATURE----- . =========================================================== Ubuntu Security Notice USN-995-1 September 29, 2010 libmikmod vulnerabilities CVE-2007-6720, CVE-2009-0179, CVE-2009-3995, CVE-2009-3996, CVE-2010-2546, CVE-2010-2971 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 8.04 LTS: libmikmod2 3.1.11-6ubuntu3.8.04.1
Ubuntu 9.04: libmikmod2 3.1.11-6ubuntu3.9.04.1
Ubuntu 9.10: libmikmod2 3.1.11-6ubuntu4.1
In general, a standard system update will make all the necessary changes.
Details follow:
It was discovered that libMikMod incorrectly handled songs with different channel counts. (CVE-2007-6720)
It was discovered that libMikMod incorrectly handled certain malformed XM files. (CVE-2009-0179)
It was discovered that libMikMod incorrectly handled certain malformed Impulse Tracker files. (CVE-2009-3995, CVE-2010-2546, CVE-2010-2971)
It was discovered that libMikMod incorrectly handled certain malformed Ultratracker files. (CVE-2009-3996)
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11-6ubuntu3.8.04.1.diff.gz
Size/MD5: 339148 88b89686ec91f5173c6dd8b80ce8e64e
http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11-6ubuntu3.8.04.1.dsc
Size/MD5: 730 9d56dccce0535ee3c48ca642da04705a
http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11.orig.tar.gz
Size/MD5: 611590 705106da305e8de191549f1e7393185c
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.8.04.1_amd64.deb
Size/MD5: 266550 9200823b863117753bac8a1aae63c2ca
http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.8.04.1_amd64.deb
Size/MD5: 155628 cff0d15986f092c78cda7bb3a657e1f6
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.8.04.1_i386.deb
Size/MD5: 244016 27453dd915f85ccd7dba0710ecab4acc
http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.8.04.1_i386.deb
Size/MD5: 146476 b67d8d50c02001e45eb618d51f4329a1
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.8.04.1_lpia.deb
Size/MD5: 248392 706f9438583e4364b4265ec8d8543bc4
http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.8.04.1_lpia.deb
Size/MD5: 148608 5c727d7e661e44044017cb7bd6ab3402
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.8.04.1_powerpc.deb
Size/MD5: 285392 c4ebd492d87451cc2979554da7e6fa34
http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.8.04.1_powerpc.deb
Size/MD5: 173928 e45de26f887292b7482eca418459e60c
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.8.04.1_sparc.deb
Size/MD5: 258120 702fbd120d05a9f1d645f85ec45ea211
http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.8.04.1_sparc.deb
Size/MD5: 148446 029492bfe2015986538e1f141ab51f93
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11-6ubuntu3.9.04.1.diff.gz
Size/MD5: 338916 a771044f7ddf578a1618e1667effd243
http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11-6ubuntu3.9.04.1.dsc
Size/MD5: 1150 031a6ed819b4e9f59dc4614f42f91109
http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11.orig.tar.gz
Size/MD5: 611590 705106da305e8de191549f1e7393185c
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.9.04.1_amd64.deb
Size/MD5: 265286 5189d1d5a185819b8f0a3860fd3ecc2b
http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.9.04.1_amd64.deb
Size/MD5: 156988 f76e952924eceebdde01d9671f96b9b9
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.9.04.1_i386.deb
Size/MD5: 244312 00502a3a984d2b40bffdf46d016caa20
http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.9.04.1_i386.deb
Size/MD5: 147096 8cb46dd80877e60c1300e0b471a42cba
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.9.04.1_lpia.deb
Size/MD5: 247818 33fa14fe4ee9a538eb1c998928a302ab
http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.9.04.1_lpia.deb
Size/MD5: 148464 75e5cde38085b939f4c3ad709f2a6b0d
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.9.04.1_powerpc.deb
Size/MD5: 281656 34e746a50fbd0acd34192b9e899e161f
http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.9.04.1_powerpc.deb
Size/MD5: 172672 69ec0a2145ea106602c2f3fa454bc346
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.9.04.1_sparc.deb
Size/MD5: 255260 70cb1b7d5521b00ae993686d9336bb12
http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.9.04.1_sparc.deb
Size/MD5: 149422 d9e458beb786bbe71ecbf51f3ba6e758
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11-6ubuntu4.1.diff.gz
Size/MD5: 338972 b044cd4c0262d4d38fc94de90fb520d4
http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11-6ubuntu4.1.dsc
Size/MD5: 1130 1feb8d8fcb433337e8ddad65e2076e4a
http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11.orig.tar.gz
Size/MD5: 611590 705106da305e8de191549f1e7393185c
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu4.1_amd64.deb
Size/MD5: 267300 627cc54b1a4b2ed57ae5c1de295e614c
http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu4.1_amd64.deb
Size/MD5: 157340 c36998f34e2807dbb8af42934b8ede5e
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu4.1_i386.deb
Size/MD5: 244300 063e16e7e89f79a9d8b457a3881b5820
http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu4.1_i386.deb
Size/MD5: 148654 615e8ada1a87f7aee7e5ccd51c2dca4e
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu4.1_lpia.deb
Size/MD5: 247994 fe717add1af434a346b59982f5e3c7c5
http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu4.1_lpia.deb
Size/MD5: 151404 e13a0f651953441fc9cc5958ef874d0d
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu4.1_powerpc.deb
Size/MD5: 281960 9199bd4701581881b31df45c5ede258f
http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu4.1_powerpc.deb
Size/MD5: 174950 ad1450f700117577ddede6fc3755d5da
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu4.1_sparc.deb
Size/MD5: 260378 cd74bc83de2b60ed9cf4fc442e0352e1
http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu4.1_sparc.deb
Size/MD5: 152910 b684a3227432d45c220bb1378a4ed3d7
.
Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3995 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3996 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2546 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2971
Updated Packages:
Mandriva Linux 2008.0: 3239adc6a61914a960c8bb07ebab58d2 2008.0/i586/libmikmod2-3.1.11a-8.2mdv2008.0.i586.rpm 4a88081c44652b1abbb2168bad46fc17 2008.0/i586/libmikmod-devel-3.1.11a-8.2mdv2008.0.i586.rpm ecdb3414bb5ff4fde670f2983432fe92 2008.0/SRPMS/libmikmod-3.1.11a-8.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: 41d721fc0ade6181626d66527e08260f 2008.0/x86_64/lib64mikmod2-3.1.11a-8.2mdv2008.0.x86_64.rpm b9af3c6d02828c7c36f2d47275142a01 2008.0/x86_64/lib64mikmod-devel-3.1.11a-8.2mdv2008.0.x86_64.rpm ecdb3414bb5ff4fde670f2983432fe92 2008.0/SRPMS/libmikmod-3.1.11a-8.2mdv2008.0.src.rpm
Mandriva Linux 2009.0: 0c32865a362e5949549bd0597f1c3288 2009.0/i586/libmikmod3-3.2.0-0.beta2.2.2mdv2009.0.i586.rpm 1f0c55a841c82430a4a455b9c0fd185f 2009.0/i586/libmikmod-devel-3.2.0-0.beta2.2.2mdv2009.0.i586.rpm 3b736a5f6560c844e05d797772240ff8 2009.0/SRPMS/libmikmod-3.2.0-0.beta2.2.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64: da510127c478758616146f2069b013ca 2009.0/x86_64/lib64mikmod3-3.2.0-0.beta2.2.2mdv2009.0.x86_64.rpm ce57822efa45f0e36aa1d79f7cc75763 2009.0/x86_64/lib64mikmod-devel-3.2.0-0.beta2.2.2mdv2009.0.x86_64.rpm 3b736a5f6560c844e05d797772240ff8 2009.0/SRPMS/libmikmod-3.2.0-0.beta2.2.2mdv2009.0.src.rpm
Mandriva Linux 2009.1: 1987e95ad4486d0d70a5cb3f15462815 2009.1/i586/libmikmod3-3.2.0-0.beta2.3.1mdv2009.1.i586.rpm 7c1d6e99214eca60d5e1b27d742557ac 2009.1/i586/libmikmod-devel-3.2.0-0.beta2.3.1mdv2009.1.i586.rpm 2cf8f0a1794e134bad1f0510a4d4b255 2009.1/SRPMS/libmikmod-3.2.0-0.beta2.3.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64: 06d66faa37c282dbee789de65dc5b246 2009.1/x86_64/lib64mikmod3-3.2.0-0.beta2.3.1mdv2009.1.x86_64.rpm 5940b272dda3c628bbf27799e43db079 2009.1/x86_64/lib64mikmod-devel-3.2.0-0.beta2.3.1mdv2009.1.x86_64.rpm 2cf8f0a1794e134bad1f0510a4d4b255 2009.1/SRPMS/libmikmod-3.2.0-0.beta2.3.1mdv2009.1.src.rpm
Mandriva Linux 2010.0: 754014cea8f3645395151dc2b7a4cc58 2010.0/i586/libmikmod3-3.2.0-0.beta2.6.1mdv2010.0.i586.rpm cd1e7fca287c53499d973478c7813a6f 2010.0/i586/libmikmod-devel-3.2.0-0.beta2.6.1mdv2010.0.i586.rpm 9db426850551cd0d47d49dce62bddf29 2010.0/SRPMS/libmikmod-3.2.0-0.beta2.6.1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64: 477871f309a92d2912811fb31fea0943 2010.0/x86_64/lib64mikmod3-3.2.0-0.beta2.6.1mdv2010.0.x86_64.rpm 4c02e2863a04a2201233ce6f0822fbb5 2010.0/x86_64/lib64mikmod-devel-3.2.0-0.beta2.6.1mdv2010.0.x86_64.rpm 9db426850551cd0d47d49dce62bddf29 2010.0/SRPMS/libmikmod-3.2.0-0.beta2.6.1mdv2010.0.src.rpm
Mandriva Linux 2010.1: 5dc9e3bcb87870d04daaeea37c1c7c90 2010.1/i586/libmikmod3-3.2.0-0.beta2.7.1mdv2010.1.i586.rpm 30fd5e1c50381c01c621c67f83e46c53 2010.1/i586/libmikmod-devel-3.2.0-0.beta2.7.1mdv2010.1.i586.rpm a8e35035a0439a36aed7acb4c6cd8c66 2010.1/SRPMS/libmikmod-3.2.0-0.beta2.7.1mdv2010.1.src.rpm
Mandriva Linux 2010.1/X86_64: c642403d884dcd4aef507757d7688b4a 2010.1/x86_64/lib64mikmod3-3.2.0-0.beta2.7.1mdv2010.1.x86_64.rpm b64cda55aeb0450fea2ad3af07fece31 2010.1/x86_64/lib64mikmod-devel-3.2.0-0.beta2.7.1mdv2010.1.x86_64.rpm a8e35035a0439a36aed7acb4c6cd8c66 2010.1/SRPMS/libmikmod-3.2.0-0.beta2.7.1mdv2010.1.src.rpm
Mandriva Enterprise Server 5: 6798c40fffe0cec1532ed4ea2470b041 mes5/i586/libmikmod3-3.2.0-0.beta2.2.2mdvmes5.1.i586.rpm 2b4f452bcfcd7ccbc1f9eea217b3e8ed mes5/i586/libmikmod-devel-3.2.0-0.beta2.2.2mdvmes5.1.i586.rpm 18ee204b5ffc212d4fb027b912a75c0b mes5/SRPMS/libmikmod-3.2.0-0.beta2.2.2mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64: 5e4fb9c93420186fc60c96e38b9ea412 mes5/x86_64/lib64mikmod3-3.2.0-0.beta2.2.2mdvmes5.1.x86_64.rpm e285e5b3413fe8f0de6b71caa903c8f9 mes5/x86_64/lib64mikmod-devel-3.2.0-0.beta2.2.2mdvmes5.1.x86_64.rpm 18ee204b5ffc212d4fb027b912a75c0b mes5/SRPMS/libmikmod-3.2.0-0.beta2.2.2mdvmes5.1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFMaOgMmqjQ0CJFipgRAt6nAKCzxX60CsvAUagtg/MS8MzgHh/84wCfbLXV avaniwZZDpjBYi8uoj21mkM= =KovP -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Gentoo update for libmikmod
SECUNIA ADVISORY ID: SA48244
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48244/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48244
RELEASE DATE: 2012-03-06
DISCUSS ADVISORY: http://secunia.com/advisories/48244/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/48244/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48244
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Gentoo has issued an update for libmikmod. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise a vulnerable system.
ORIGINAL ADVISORY: GLSA 201203-10: http://www.gentoo.org/security/en/glsa/glsa-201203-10.xml
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201203-10
http://security.gentoo.org/
Severity: Normal Title: libmikmod: User-assisted execution of arbitrary code Date: March 06, 2012 Bugs: #335892 ID: 201203-10
Synopsis
Multiple buffer overflow vulnerabilities in libmikmod may allow an attacker to execute arbitrary code or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All libmikmod 3.2 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=media-libs/libmikmod-3.2.0_beta2-r3"
All libmikmod 3.1 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/libmikmod-3.1.12-r1"=
Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.
References
[ 1 ] CVE-2010-2546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2546 [ 2 ] CVE-2010-2971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2971
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201203-10.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201008-0230",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "libmikmod",
"scope": "eq",
"trust": 2.4,
"vendor": "raphael assenat",
"version": "3.1.12"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.6,
"vendor": "sap",
"version": "6.4"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.6,
"vendor": "sap",
"version": "7.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.0"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.0"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.1"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.1"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "libmikmod",
"scope": "eq",
"trust": 0.3,
"vendor": "libmikmod",
"version": "3.1.12"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "libmikmod",
"version": "3.1.12"
}
],
"sources": [
{
"db": "IVD",
"id": "0d29f8fc-1fb3-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2010-1421"
},
{
"db": "BID",
"id": "41917"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005576"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-022"
},
{
"db": "NVD",
"id": "CVE-2010-2546"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:raphael_assenat:libmikmod",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-005576"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tomas Hoger",
"sources": [
{
"db": "BID",
"id": "41917"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-022"
}
],
"trust": 0.9
},
"cve": "CVE-2010-2546",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2010-2546",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "0d29f8fc-1fb3-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-2546",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2010-2546",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201008-022",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "0d29f8fc-1fb3-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0d29f8fc-1fb3-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005576"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-022"
},
{
"db": "NVD",
"id": "CVE-2010-2546"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995. libmikmod of loaders/load_it.c Contains a heap-based buffer overflow vulnerability. Libmikmod is a library used by Mikmod to play various types of audio modules. The problem with CVE-2009-3995 is not completely fixed correctly. The following problems exist: - Only volpts are checked, but similar problems affect panpts and pitpts. - Checking is done after calling IT_ProcessEnvelope, the function has modified name##env as the upper bound using name##pts, so an overflow can be triggered between checks. The -name##env information is read from name##tick and name##node, where the value contains ITENVCNT (25), so using sizeof(name##env) == ENVPOINTS (32) can still cause the array to read out of bounds. take. The \u0027libmikmod\u0027 library is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input. \nAttackers can leverage these issues to execute arbitrary code in the context of an application that uses the affected library. Failed attacks will cause denial-of-service conditions. \nThese issues are due to an incomplete fix for CVE-2009-3995; BID 38114 (libmikmod Multiple Buffer Overflow Vulnerabilities) is related to these issues. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2081-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nAugust 01, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : libmikmod\nVulnerability : buffer overflow\nProblem type : local(remote)\nDebian-specific: no\nCVE Id(s) : CVE-2010-2546\n\nTomas Hoger discovered that the upstream fix for CVE-2009-3995 was\ninsufficient. This update provides a corrected package. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 3.1.11-6.3. \n\nWe recommend that you upgrade your libmikmod packages. \n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. \n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show \u003cpkg\u003e\u0027 and http://packages.debian.org/\u003cpkg\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAkxVxoUACgkQXm3vHE4uylrhwgCfXeJqgBnpGu10QyEu3DBjwWy/\ny0YAoNP/beuWGyzKeCCNXuQwZ23f0oV2\n=3XKq\n-----END PGP SIGNATURE-----\n. ===========================================================\nUbuntu Security Notice USN-995-1 September 29, 2010\nlibmikmod vulnerabilities\nCVE-2007-6720, CVE-2009-0179, CVE-2009-3995, CVE-2009-3996,\nCVE-2010-2546, CVE-2010-2971\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 8.04 LTS\nUbuntu 9.04\nUbuntu 9.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 8.04 LTS:\n libmikmod2 3.1.11-6ubuntu3.8.04.1\n\nUbuntu 9.04:\n libmikmod2 3.1.11-6ubuntu3.9.04.1\n\nUbuntu 9.10:\n libmikmod2 3.1.11-6ubuntu4.1\n\nIn general, a standard system update will make all the necessary changes. \n\nDetails follow:\n\nIt was discovered that libMikMod incorrectly handled songs with different\nchannel counts. (CVE-2007-6720)\n\nIt was discovered that libMikMod incorrectly handled certain malformed XM\nfiles. (CVE-2009-0179)\n\nIt was discovered that libMikMod incorrectly handled certain malformed\nImpulse Tracker files. (CVE-2009-3995, CVE-2010-2546, CVE-2010-2971)\n\nIt was discovered that libMikMod incorrectly handled certain malformed\nUltratracker files. (CVE-2009-3996)\n\n\nUpdated packages for Ubuntu 8.04 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11-6ubuntu3.8.04.1.diff.gz\n Size/MD5: 339148 88b89686ec91f5173c6dd8b80ce8e64e\n http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11-6ubuntu3.8.04.1.dsc\n Size/MD5: 730 9d56dccce0535ee3c48ca642da04705a\n http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11.orig.tar.gz\n Size/MD5: 611590 705106da305e8de191549f1e7393185c\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.8.04.1_amd64.deb\n Size/MD5: 266550 9200823b863117753bac8a1aae63c2ca\n http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.8.04.1_amd64.deb\n Size/MD5: 155628 cff0d15986f092c78cda7bb3a657e1f6\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.8.04.1_i386.deb\n Size/MD5: 244016 27453dd915f85ccd7dba0710ecab4acc\n http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.8.04.1_i386.deb\n Size/MD5: 146476 b67d8d50c02001e45eb618d51f4329a1\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.8.04.1_lpia.deb\n Size/MD5: 248392 706f9438583e4364b4265ec8d8543bc4\n http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.8.04.1_lpia.deb\n Size/MD5: 148608 5c727d7e661e44044017cb7bd6ab3402\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.8.04.1_powerpc.deb\n Size/MD5: 285392 c4ebd492d87451cc2979554da7e6fa34\n http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.8.04.1_powerpc.deb\n Size/MD5: 173928 e45de26f887292b7482eca418459e60c\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.8.04.1_sparc.deb\n Size/MD5: 258120 702fbd120d05a9f1d645f85ec45ea211\n http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.8.04.1_sparc.deb\n Size/MD5: 148446 029492bfe2015986538e1f141ab51f93\n\nUpdated packages for Ubuntu 9.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11-6ubuntu3.9.04.1.diff.gz\n Size/MD5: 338916 a771044f7ddf578a1618e1667effd243\n http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11-6ubuntu3.9.04.1.dsc\n Size/MD5: 1150 031a6ed819b4e9f59dc4614f42f91109\n http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11.orig.tar.gz\n Size/MD5: 611590 705106da305e8de191549f1e7393185c\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.9.04.1_amd64.deb\n Size/MD5: 265286 5189d1d5a185819b8f0a3860fd3ecc2b\n http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.9.04.1_amd64.deb\n Size/MD5: 156988 f76e952924eceebdde01d9671f96b9b9\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.9.04.1_i386.deb\n Size/MD5: 244312 00502a3a984d2b40bffdf46d016caa20\n http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.9.04.1_i386.deb\n Size/MD5: 147096 8cb46dd80877e60c1300e0b471a42cba\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.9.04.1_lpia.deb\n Size/MD5: 247818 33fa14fe4ee9a538eb1c998928a302ab\n http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.9.04.1_lpia.deb\n Size/MD5: 148464 75e5cde38085b939f4c3ad709f2a6b0d\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.9.04.1_powerpc.deb\n Size/MD5: 281656 34e746a50fbd0acd34192b9e899e161f\n http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.9.04.1_powerpc.deb\n Size/MD5: 172672 69ec0a2145ea106602c2f3fa454bc346\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.9.04.1_sparc.deb\n Size/MD5: 255260 70cb1b7d5521b00ae993686d9336bb12\n http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.9.04.1_sparc.deb\n Size/MD5: 149422 d9e458beb786bbe71ecbf51f3ba6e758\n\nUpdated packages for Ubuntu 9.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11-6ubuntu4.1.diff.gz\n Size/MD5: 338972 b044cd4c0262d4d38fc94de90fb520d4\n http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11-6ubuntu4.1.dsc\n Size/MD5: 1130 1feb8d8fcb433337e8ddad65e2076e4a\n http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11.orig.tar.gz\n Size/MD5: 611590 705106da305e8de191549f1e7393185c\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu4.1_amd64.deb\n Size/MD5: 267300 627cc54b1a4b2ed57ae5c1de295e614c\n http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu4.1_amd64.deb\n Size/MD5: 157340 c36998f34e2807dbb8af42934b8ede5e\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu4.1_i386.deb\n Size/MD5: 244300 063e16e7e89f79a9d8b457a3881b5820\n http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu4.1_i386.deb\n Size/MD5: 148654 615e8ada1a87f7aee7e5ccd51c2dca4e\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu4.1_lpia.deb\n Size/MD5: 247994 fe717add1af434a346b59982f5e3c7c5\n http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu4.1_lpia.deb\n Size/MD5: 151404 e13a0f651953441fc9cc5958ef874d0d\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu4.1_powerpc.deb\n Size/MD5: 281960 9199bd4701581881b31df45c5ede258f\n http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu4.1_powerpc.deb\n Size/MD5: 174950 ad1450f700117577ddede6fc3755d5da\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu4.1_sparc.deb\n Size/MD5: 260378 cd74bc83de2b60ed9cf4fc442e0352e1\n http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu4.1_sparc.deb\n Size/MD5: 152910 b684a3227432d45c220bb1378a4ed3d7\n\n\n\n. \n \n Packages for 2008.0 and 2009.0 are provided as of the Extended\n Maintenance Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149\u0026products_id=490\n \n The updated packages have been patched to correct this issue. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3995\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3996\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2546\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2971\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2008.0:\n 3239adc6a61914a960c8bb07ebab58d2 2008.0/i586/libmikmod2-3.1.11a-8.2mdv2008.0.i586.rpm\n 4a88081c44652b1abbb2168bad46fc17 2008.0/i586/libmikmod-devel-3.1.11a-8.2mdv2008.0.i586.rpm \n ecdb3414bb5ff4fde670f2983432fe92 2008.0/SRPMS/libmikmod-3.1.11a-8.2mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n 41d721fc0ade6181626d66527e08260f 2008.0/x86_64/lib64mikmod2-3.1.11a-8.2mdv2008.0.x86_64.rpm\n b9af3c6d02828c7c36f2d47275142a01 2008.0/x86_64/lib64mikmod-devel-3.1.11a-8.2mdv2008.0.x86_64.rpm \n ecdb3414bb5ff4fde670f2983432fe92 2008.0/SRPMS/libmikmod-3.1.11a-8.2mdv2008.0.src.rpm\n\n Mandriva Linux 2009.0:\n 0c32865a362e5949549bd0597f1c3288 2009.0/i586/libmikmod3-3.2.0-0.beta2.2.2mdv2009.0.i586.rpm\n 1f0c55a841c82430a4a455b9c0fd185f 2009.0/i586/libmikmod-devel-3.2.0-0.beta2.2.2mdv2009.0.i586.rpm \n 3b736a5f6560c844e05d797772240ff8 2009.0/SRPMS/libmikmod-3.2.0-0.beta2.2.2mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n da510127c478758616146f2069b013ca 2009.0/x86_64/lib64mikmod3-3.2.0-0.beta2.2.2mdv2009.0.x86_64.rpm\n ce57822efa45f0e36aa1d79f7cc75763 2009.0/x86_64/lib64mikmod-devel-3.2.0-0.beta2.2.2mdv2009.0.x86_64.rpm \n 3b736a5f6560c844e05d797772240ff8 2009.0/SRPMS/libmikmod-3.2.0-0.beta2.2.2mdv2009.0.src.rpm\n\n Mandriva Linux 2009.1:\n 1987e95ad4486d0d70a5cb3f15462815 2009.1/i586/libmikmod3-3.2.0-0.beta2.3.1mdv2009.1.i586.rpm\n 7c1d6e99214eca60d5e1b27d742557ac 2009.1/i586/libmikmod-devel-3.2.0-0.beta2.3.1mdv2009.1.i586.rpm \n 2cf8f0a1794e134bad1f0510a4d4b255 2009.1/SRPMS/libmikmod-3.2.0-0.beta2.3.1mdv2009.1.src.rpm\n\n Mandriva Linux 2009.1/X86_64:\n 06d66faa37c282dbee789de65dc5b246 2009.1/x86_64/lib64mikmod3-3.2.0-0.beta2.3.1mdv2009.1.x86_64.rpm\n 5940b272dda3c628bbf27799e43db079 2009.1/x86_64/lib64mikmod-devel-3.2.0-0.beta2.3.1mdv2009.1.x86_64.rpm \n 2cf8f0a1794e134bad1f0510a4d4b255 2009.1/SRPMS/libmikmod-3.2.0-0.beta2.3.1mdv2009.1.src.rpm\n\n Mandriva Linux 2010.0:\n 754014cea8f3645395151dc2b7a4cc58 2010.0/i586/libmikmod3-3.2.0-0.beta2.6.1mdv2010.0.i586.rpm\n cd1e7fca287c53499d973478c7813a6f 2010.0/i586/libmikmod-devel-3.2.0-0.beta2.6.1mdv2010.0.i586.rpm \n 9db426850551cd0d47d49dce62bddf29 2010.0/SRPMS/libmikmod-3.2.0-0.beta2.6.1mdv2010.0.src.rpm\n\n Mandriva Linux 2010.0/X86_64:\n 477871f309a92d2912811fb31fea0943 2010.0/x86_64/lib64mikmod3-3.2.0-0.beta2.6.1mdv2010.0.x86_64.rpm\n 4c02e2863a04a2201233ce6f0822fbb5 2010.0/x86_64/lib64mikmod-devel-3.2.0-0.beta2.6.1mdv2010.0.x86_64.rpm \n 9db426850551cd0d47d49dce62bddf29 2010.0/SRPMS/libmikmod-3.2.0-0.beta2.6.1mdv2010.0.src.rpm\n\n Mandriva Linux 2010.1:\n 5dc9e3bcb87870d04daaeea37c1c7c90 2010.1/i586/libmikmod3-3.2.0-0.beta2.7.1mdv2010.1.i586.rpm\n 30fd5e1c50381c01c621c67f83e46c53 2010.1/i586/libmikmod-devel-3.2.0-0.beta2.7.1mdv2010.1.i586.rpm \n a8e35035a0439a36aed7acb4c6cd8c66 2010.1/SRPMS/libmikmod-3.2.0-0.beta2.7.1mdv2010.1.src.rpm\n\n Mandriva Linux 2010.1/X86_64:\n c642403d884dcd4aef507757d7688b4a 2010.1/x86_64/lib64mikmod3-3.2.0-0.beta2.7.1mdv2010.1.x86_64.rpm\n b64cda55aeb0450fea2ad3af07fece31 2010.1/x86_64/lib64mikmod-devel-3.2.0-0.beta2.7.1mdv2010.1.x86_64.rpm \n a8e35035a0439a36aed7acb4c6cd8c66 2010.1/SRPMS/libmikmod-3.2.0-0.beta2.7.1mdv2010.1.src.rpm\n\n Mandriva Enterprise Server 5:\n 6798c40fffe0cec1532ed4ea2470b041 mes5/i586/libmikmod3-3.2.0-0.beta2.2.2mdvmes5.1.i586.rpm\n 2b4f452bcfcd7ccbc1f9eea217b3e8ed mes5/i586/libmikmod-devel-3.2.0-0.beta2.2.2mdvmes5.1.i586.rpm \n 18ee204b5ffc212d4fb027b912a75c0b mes5/SRPMS/libmikmod-3.2.0-0.beta2.2.2mdvmes5.1.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 5e4fb9c93420186fc60c96e38b9ea412 mes5/x86_64/lib64mikmod3-3.2.0-0.beta2.2.2mdvmes5.1.x86_64.rpm\n e285e5b3413fe8f0de6b71caa903c8f9 mes5/x86_64/lib64mikmod-devel-3.2.0-0.beta2.2.2mdvmes5.1.x86_64.rpm \n 18ee204b5ffc212d4fb027b912a75c0b mes5/SRPMS/libmikmod-3.2.0-0.beta2.2.2mdvmes5.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFMaOgMmqjQ0CJFipgRAt6nAKCzxX60CsvAUagtg/MS8MzgHh/84wCfbLXV\navaniwZZDpjBYi8uoj21mkM=\n=KovP\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nGentoo update for libmikmod\n\nSECUNIA ADVISORY ID:\nSA48244\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48244/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48244\n\nRELEASE DATE:\n2012-03-06\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48244/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48244/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48244\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nGentoo has issued an update for libmikmod. This fixes two\nvulnerabilities, which can be exploited by malicious people to\npotentially compromise a vulnerable system. \n\nORIGINAL ADVISORY:\nGLSA 201203-10:\nhttp://www.gentoo.org/security/en/glsa/glsa-201203-10.xml\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201203-10\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: libmikmod: User-assisted execution of arbitrary code\n Date: March 06, 2012\n Bugs: #335892\n ID: 201203-10\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple buffer overflow vulnerabilities in libmikmod may allow an\nattacker to execute arbitrary code or cause a Denial of Service\ncondition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll libmikmod 3.2 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=media-libs/libmikmod-3.2.0_beta2-r3\"\n\nAll libmikmod 3.1 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=media-libs/libmikmod-3.1.12-r1\"=\n\n\nPackages which depend on this library may need to be recompiled. Tools\nsuch as revdep-rebuild may assist in identifying some of these\npackages. \n\nReferences\n==========\n\n[ 1 ] CVE-2010-2546\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2546\n[ 2 ] CVE-2010-2971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2971\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201203-10.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2546"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005576"
},
{
"db": "CNVD",
"id": "CNVD-2010-1421"
},
{
"db": "BID",
"id": "41917"
},
{
"db": "IVD",
"id": "0d29f8fc-1fb3-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "92341"
},
{
"db": "PACKETSTORM",
"id": "92275"
},
{
"db": "PACKETSTORM",
"id": "94351"
},
{
"db": "PACKETSTORM",
"id": "92799"
},
{
"db": "PACKETSTORM",
"id": "110473"
},
{
"db": "PACKETSTORM",
"id": "110480"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-2546",
"trust": 3.3
},
{
"db": "BID",
"id": "41917",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "40799",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "48244",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-1957",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2010-1421",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201008-022",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005576",
"trust": 0.8
},
{
"db": "IVD",
"id": "0D29F8FC-1FB3-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "92341",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "92275",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "94351",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "92799",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "110473",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "110480",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "0d29f8fc-1fb3-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2010-1421"
},
{
"db": "BID",
"id": "41917"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005576"
},
{
"db": "PACKETSTORM",
"id": "92341"
},
{
"db": "PACKETSTORM",
"id": "92275"
},
{
"db": "PACKETSTORM",
"id": "94351"
},
{
"db": "PACKETSTORM",
"id": "92799"
},
{
"db": "PACKETSTORM",
"id": "110473"
},
{
"db": "PACKETSTORM",
"id": "110480"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-022"
},
{
"db": "NVD",
"id": "CVE-2010-2546"
}
]
},
"id": "VAR-201008-0230",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0d29f8fc-1fb3-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2010-1421"
}
],
"trust": 1.07111164
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "0d29f8fc-1fb3-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2010-1421"
}
]
},
"last_update_date": "2024-11-23T20:16:36.616000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "libmikmod",
"trust": 0.8,
"url": "http://sourceforge.net/projects/mikmod/"
},
{
"title": "CVE-2009-3995f",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39950"
},
{
"title": "mikmod-CVE-2009-3995-alt",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39951"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-005576"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-022"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-005576"
},
{
"db": "NVD",
"id": "CVE-2010-2546"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3033086\u0026group_id=40531\u0026atid=428227"
},
{
"trust": 1.7,
"url": "http://security.gentoo.org/glsa/glsa-201203-10.xml"
},
{
"trust": 1.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=614643"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:151"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/40799"
},
{
"trust": 1.6,
"url": "http://www.vupen.com/english/advisories/2010/1957"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/41917"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2010/dsa-2081"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/48244"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2546"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2546"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=614643#c11http"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2546"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=614643#c11"
},
{
"trust": 0.3,
"url": "http://sourceforge.net/projects/mikmod/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2971"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3996"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3995"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6.0.1+lenny1_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6.0.1+lenny1_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6.0.1+lenny1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod_3.1.11.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6.0.1+lenny1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6.0.1+lenny1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6.0.1+lenny1_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6.0.1+lenny1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6.0.1+lenny1_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6.0.1+lenny1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6.0.1+lenny1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod_3.1.11-6.0.1+lenny1.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6.0.1+lenny1_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod_3.1.11-6.0.1+lenny1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6.0.1+lenny1_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6.0.1+lenny1_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6.0.1+lenny1_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6.0.1+lenny1_s390.deb"
},
{
"trust": 0.1,
"url": "http://packages.debian.org/\u003cpkg\u003e"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6.0.1+lenny1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6.0.1+lenny1_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6.0.1+lenny1_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6.0.1+lenny1_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6.0.1+lenny1_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6.0.1+lenny1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6.0.1+lenny1_alpha.deb"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/40799/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40799"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/40799/"
},
{
"trust": 0.1,
"url": "http://secunia.com/gfx/pdf/secunia_half_year_report_2010.pdf"
},
{
"trust": 0.1,
"url": "http://lists.debian.org/debian-security-announce/2010/msg00126.html"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu4.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu4.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11-6ubuntu4.1.dsc"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.8.04.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.8.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11-6ubuntu3.9.04.1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11-6ubuntu4.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11-6ubuntu3.9.04.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu4.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.9.04.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu4.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.9.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu4.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.8.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.8.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11-6ubuntu3.8.04.1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu4.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11-6ubuntu3.8.04.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu4.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.9.04.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.9.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.8.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.9.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.9.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.9.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.9.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.8.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu4.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.8.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu4.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.8.04.1_lpia.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0179"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.9.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.9.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6720"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu4.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.8.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.8.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://store.mandriva.com/product_info.php?cpath=149\u0026products_id=490"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2971"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3995"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3996"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48244"
},
{
"trust": 0.1,
"url": "http://www.gentoo.org/security/en/glsa/glsa-201203-10.xml"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48244/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48244/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2971"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2546"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1421"
},
{
"db": "BID",
"id": "41917"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005576"
},
{
"db": "PACKETSTORM",
"id": "92341"
},
{
"db": "PACKETSTORM",
"id": "92275"
},
{
"db": "PACKETSTORM",
"id": "94351"
},
{
"db": "PACKETSTORM",
"id": "92799"
},
{
"db": "PACKETSTORM",
"id": "110473"
},
{
"db": "PACKETSTORM",
"id": "110480"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-022"
},
{
"db": "NVD",
"id": "CVE-2010-2546"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0d29f8fc-1fb3-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2010-1421"
},
{
"db": "BID",
"id": "41917"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005576"
},
{
"db": "PACKETSTORM",
"id": "92341"
},
{
"db": "PACKETSTORM",
"id": "92275"
},
{
"db": "PACKETSTORM",
"id": "94351"
},
{
"db": "PACKETSTORM",
"id": "92799"
},
{
"db": "PACKETSTORM",
"id": "110473"
},
{
"db": "PACKETSTORM",
"id": "110480"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-022"
},
{
"db": "NVD",
"id": "CVE-2010-2546"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-07-25T00:00:00",
"db": "IVD",
"id": "0d29f8fc-1fb3-11e6-abef-000c29c66e3d"
},
{
"date": "2010-07-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1421"
},
{
"date": "2010-07-23T00:00:00",
"db": "BID",
"id": "41917"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-005576"
},
{
"date": "2010-08-03T13:59:55",
"db": "PACKETSTORM",
"id": "92341"
},
{
"date": "2010-08-02T08:47:25",
"db": "PACKETSTORM",
"id": "92275"
},
{
"date": "2010-09-29T20:29:30",
"db": "PACKETSTORM",
"id": "94351"
},
{
"date": "2010-08-17T00:49:50",
"db": "PACKETSTORM",
"id": "92799"
},
{
"date": "2012-03-06T03:54:14",
"db": "PACKETSTORM",
"id": "110473"
},
{
"date": "2012-03-06T23:57:19",
"db": "PACKETSTORM",
"id": "110480"
},
{
"date": "2010-08-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201008-022"
},
{
"date": "2010-08-05T13:22:29.497000",
"db": "NVD",
"id": "CVE-2010-2546"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-07-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1421"
},
{
"date": "2012-03-06T17:20:00",
"db": "BID",
"id": "41917"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-005576"
},
{
"date": "2023-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201008-022"
},
{
"date": "2024-11-21T01:16:52.823000",
"db": "NVD",
"id": "CVE-2010-2546"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "92799"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-022"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libmikmod Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "0d29f8fc-1fb3-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2010-1421"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201008-022"
}
],
"trust": 0.6
}
}
ghsa-5mrv-fmm3-qm6f
Vulnerability from github
Published
2022-05-14 04:00
Modified
2022-05-14 04:00
Details
Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995.
{
"affected": [],
"aliases": [
"CVE-2010-2546"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-08-05T13:22:00Z",
"severity": "HIGH"
},
"details": "Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995.",
"id": "GHSA-5mrv-fmm3-qm6f",
"modified": "2022-05-14T04:00:15Z",
"published": "2022-05-14T04:00:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2546"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=614643"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/40799"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48244"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-201203-10.xml"
},
{
"type": "WEB",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3033086\u0026group_id=40531\u0026atid=428227"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2010/dsa-2081"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/41917"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1957"
}
],
"schema_version": "1.4.0",
"severity": []
}
fkie_cve-2010-2546
Vulnerability from fkie_nvd
Published
2010-08-05 13:22
Modified
2024-11-21 01:16
Severity ?
Summary
Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| raphael_assenat | libmikmod | 3.1.12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:raphael_assenat:libmikmod:3.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB33FA6-1F1A-4255-B468-19036B180C29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer basados en pila en loaders/load_it.c de libmikmod, posiblemente v3.1.12,puede permitir a atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n a trav\u00e9s de (1) ejemplos manipulados o (2) definiciones de instrumentos manipulados en un fichero Impulse Tracker, relacionados con panpts, pitpts, and IT_ProcessEnvelope. NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta de CVE-2009-3995."
}
],
"id": "CVE-2010-2546",
"lastModified": "2024-11-21T01:16:52.823",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-08-05T13:22:29.497",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40799"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/48244"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-201203-10.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3033086\u0026group_id=40531\u0026atid=428227"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2010/dsa-2081"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/41917"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1957"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=614643"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/48244"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201203-10.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3033086\u0026group_id=40531\u0026atid=428227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2010/dsa-2081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/41917"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1957"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=614643"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
gsd-2010-2546
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2010-2546",
"description": "Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995.",
"id": "GSD-2010-2546",
"references": [
"https://www.suse.com/security/cve/CVE-2010-2546.html",
"https://www.debian.org/security/2010/dsa-2081"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2010-2546"
],
"details": "Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995.",
"id": "GSD-2010-2546",
"modified": "2023-12-13T01:21:31.536993Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secunia.com/advisories/40799",
"refsource": "MISC",
"url": "http://secunia.com/advisories/40799"
},
{
"name": "http://secunia.com/advisories/48244",
"refsource": "MISC",
"url": "http://secunia.com/advisories/48244"
},
{
"name": "http://security.gentoo.org/glsa/glsa-201203-10.xml",
"refsource": "MISC",
"url": "http://security.gentoo.org/glsa/glsa-201203-10.xml"
},
{
"name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3033086\u0026group_id=40531\u0026atid=428227",
"refsource": "MISC",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3033086\u0026group_id=40531\u0026atid=428227"
},
{
"name": "http://www.debian.org/security/2010/dsa-2081",
"refsource": "MISC",
"url": "http://www.debian.org/security/2010/dsa-2081"
},
{
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151",
"refsource": "MISC",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
},
{
"name": "http://www.securityfocus.com/bid/41917",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/41917"
},
{
"name": "http://www.vupen.com/english/advisories/2010/1957",
"refsource": "MISC",
"url": "http://www.vupen.com/english/advisories/2010/1957"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=614643",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=614643"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:raphael_assenat:libmikmod:3.1.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2546"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41917",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/41917"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=614643",
"refsource": "CONFIRM",
"tags": [],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=614643"
},
{
"name": "DSA-2081",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2010/dsa-2081"
},
{
"name": "40799",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40799"
},
{
"name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3033086\u0026group_id=40531\u0026atid=428227",
"refsource": "MISC",
"tags": [],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3033086\u0026group_id=40531\u0026atid=428227"
},
{
"name": "ADV-2010-1957",
"refsource": "VUPEN",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1957"
},
{
"name": "MDVSA-2010:151",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
},
{
"name": "GLSA-201203-10",
"refsource": "GENTOO",
"tags": [],
"url": "http://security.gentoo.org/glsa/glsa-201203-10.xml"
},
{
"name": "48244",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/48244"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2023-02-13T03:17Z",
"publishedDate": "2010-08-05T13:22Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.