CVE-2006-4192

MODPlug Tracker < 1.17.02.43 - Buffer Overflow via Crafted ITP and AMF Files

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4192. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary: This exploit demonstrates stack and heap overflows in OpenMPT <= 1.17.02.43 and SVN <= 157 by crafting malicious .ITP and .AMF files. It leverages buffer overflows in the ReadITProject and ReadSample functions to trigger memory corruption.

Description

Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Luigi Auriemma · c · dos · windows
https://www.exploit-db.com/exploits/2160

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: OpenMPT <= 1.17.02.43 and SVN <= 157
No auth needed
Prerequisites: ability to deliver malicious .ITP or .AMF files to the target
devstral-2 · analyzed Feb 16, 2026

References (21)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21418
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28309
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200612-04.xml
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19448
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-521-1
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_23_sr.html
Third Party Advisory x_refsource_misc
http://aluigi.altervista.org/adv/mptho-adv.txt
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22658
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/442721/100/100/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23555
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22080
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4310
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:001
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1397
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26979
Vendor Advisory vendor-advisory x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2011-0477.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23294
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3231
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28305
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=497154

Scores

EPSS 0.0833
EPSS Percentile 94.2%

Details

Status published
Products (1)
modplug/tracker < 1.17.02.43
Published Aug 17, 2006
Tracked Since Feb 18, 2026