CVE-2013-4234
libmodplug < 0.8.8.4 - Heap-Based Buffer Overflow in ABC MIDI Parsing
Title source: llmDescription
Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) abc_MIDI_gchord functions in load_abc.cpp in libmodplug 0.8.8.4 and earlier allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted ABC.
References (6)
Core 6
Core References
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2013/dsa-2751
Exploit x_refsource_misc
http://blog.scrt.ch/2013/07/24/vlc-abc-parsing-seems-to-be-a-ctf-challenge/
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/54388
Exploit mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/08/10/3
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/61714
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/54695
Scores
EPSS
0.0435
EPSS Percentile
90.1%
Details
CWE
CWE-119
Status
published
Products (12)
debian/debian_linux
6.0
debian/debian_linux
7.0
konstanty_bialkowski/libmodplug
0.8
konstanty_bialkowski/libmodplug
0.8.4
konstanty_bialkowski/libmodplug
0.8.5
konstanty_bialkowski/libmodplug
0.8.6
konstanty_bialkowski/libmodplug
0.8.7
konstanty_bialkowski/libmodplug
0.8.8
konstanty_bialkowski/libmodplug
0.8.8.1
konstanty_bialkowski/libmodplug
0.8.8.2
... and 2 more
Published
Sep 16, 2013
Tracked Since
Feb 18, 2026