CVE-2013-4234

libmodplug < 0.8.8.4 - Heap-Based Buffer Overflow in ABC MIDI Parsing

Title source: llm
STIX 2.1

Description

Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) abc_MIDI_gchord functions in load_abc.cpp in libmodplug 0.8.8.4 and earlier allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted ABC.

References (6)

Core 6
Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2013/dsa-2751
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/54388
Exploit mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/08/10/3
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/61714
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/54695

Scores

EPSS 0.0435
EPSS Percentile 90.1%

Details

CWE
CWE-119
Status published
Products (12)
debian/debian_linux 6.0
debian/debian_linux 7.0
konstanty_bialkowski/libmodplug 0.8
konstanty_bialkowski/libmodplug 0.8.4
konstanty_bialkowski/libmodplug 0.8.5
konstanty_bialkowski/libmodplug 0.8.6
konstanty_bialkowski/libmodplug 0.8.7
konstanty_bialkowski/libmodplug 0.8.8
konstanty_bialkowski/libmodplug 0.8.8.1
konstanty_bialkowski/libmodplug 0.8.8.2
... and 2 more
Published Sep 16, 2013
Tracked Since Feb 18, 2026